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SCO  Sues  Two  Linux  Users, 
Warns  About  Further  Action 

DaimlerChrysler,  AutoZone  hit  with  charges; 
Linux  user  community  remains  defiant 


BY  TODD  R.  WEISS 

Following  through  on  threats 
it  started  making  10  months 
ago,  The  SCO  Group  Inc.  last 
week  filed  its  first  lawsuits 
against  corporate  Linux 
users,  targeting  auto¬ 
maker  DaimlerChrys¬ 
ler  AG  and  auto  parts 
retailer  AutoZone  Inc. 

The  twin  lawsuits 
expand  SCO’s  legal 
campaign  against  Lin¬ 
ux  backers  into  a  new  realm, 
and  SCO  executives  warned 
that  more  users  of  the  open- 
source  operating  system 
could  face  legal  action  if  they 


don’t  license  the  company’s 
Unix  software  or  certify  that 
they’re  complying  with  exist¬ 
ing  contracts. 

But  the  threat  may  be  falling 
on  deaf  ears.  A  sampling  of 
Linux  users,  who  for 
months  have  said 
they’re  not  worried 
about  SCO’s  allega¬ 
tions,  since  nothing  has 
been  proved  in  court, 
maintained  that  stance 
following  last  week’s  lawsuits. 

“We’re  not  at  all  concerned 
about  it,”  said  Tim  Kuchlein, 
director  of  IS  at  New  York- 

SCO  Suits,  page  57 


For  ongoing 
coverage  of  SCO’s 
legal  battle,  visit 
our  Web  site: 
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A  guide  to  the  strengths 
and  weaknesses  of  six  IT 
quality  frameworks,  from 
CMM  to  Six  Sigma. 
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Who’s  Driving  the 
Seairity Train? 


INVESTIGATIVE  REPORT 


One  year  after  the  Department  of  Homeland  Security 
released  its  National  Strategy  to  Secure  Cyberspace, 
corporate  IT  executives  say  the  public/private  partnership  plan  is  on  the  periphery  at  best. 
Dan  Verton  investigates  the  marginalization  of  a  government  strategy  that  was  supposed 
to  guide  your  company’s  cybersecurity  initiatives.  Story  begins  on  page  6. 
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■  Corporate  America 
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physical  and  cyber 
security,  a  Business 
Roundtable  survey 
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Users  Getting 
New  Benefits 
From  BizTalk 

Update  goes  beyond 
application  integration 

BY  CAROL  SLIWA 

For  years,  companies  have 
used  Microsoft  Corp.’s  BizTalk 
Server  primarily  for  applica¬ 
tion  integration,  to  transform 
data  from  the  widely  varying 
formats  of  their  business  ap¬ 
plications  so  it  can  be  routed 
to  other  systems  inside  and 
outside  their  firewalls. 


But  early  adopters  of  the 
2004  edition  that  Microsoft 
launched  last  week  have  been 
finding  new  ways  to  make  use 
of  its  scalable  rules  engine,  en¬ 
hanced  business  process  man¬ 
agement  and  business  activity 
monitoring  capabilities. 

Virgin  Entertainment  Group 
Inc.,  for  instance,  is  using  Biz¬ 
Talk  Server’s  new  rules  engine 
and  business  activity  monitor¬ 
ing  features  to  curb  employee 
BizTalk  Server,  page  57 


ONLINE  Q&A 

Microsoft’s  top  BizTalk  executive 
talks  about  the  biz: 

QuickLink  45214 
www.computerworld.com 


IT  Struggles 
To  Become 
More  Agile 

Adapting  to  business 
needs  is  a  rocky  road 

BY  THOMAS  HOFFMAN 

SAN  DIEGO 

Many  companies  are  eager  to 
make  their  IT  departments 
more  agile  so  they  can  re¬ 
spond  faster  to  changing  busi  ¬ 
ness  demands.  But  getting 
there  is  likely  to  be  a  long,  ar¬ 
duous  process,  said  about  a 

Agile  IT,  page  16 
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your  business  has  room  to  change 
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Up  with  capacity.  Down  with  complexity.  HP  StorageWorks 
Enterprise  Virtual  Array  combines  disk-array  storage  with 
the  ability  to  pool  resources,  making  it  easy  to  oversee  and 
control  vast  amounts  of  information.  Virtualization  ensures 
capacity  is  dynamically  expanded,  giving  you  the  most 
efficient  use  of  space  without  disrupting  service. 

Now  information  has  room  to  breathe,  and 
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Faster  than  the  fastest  gun 
in  the  West  who's  holding 


That  fast. 


BrightStor®  ARCserve®  Backup  Release  11 

Faster  and  easier  to  use  than  ever. 


When  it  comes  to  data  backup  and  recovery,  you  want  a  reliable,  high-performance  solution  you 
can  count  on.  That's  why  we've  created  BrightStor  ARCserve  Backup  Release  11,  featuring  the 
very  latest  in  storage  innovations.  BrightStor  ARCserve  Backup  is  faster  and  easier  than  ever, 
enhancing  both  efficiency  and  productivity.  And  with  CA's  superior  technology,  you  can  be 
confident  your  files  are  properly  backed  up  and  will  easily  be  restored  should  a  disaster  occur. 
For  more  information,  go  to  ca.com/storage/arcserve. 


Free  trial  of  BrightStor 
ARCserve  Backup  Release  11. 
Visit  ca.com/storage/arcserve 
or  call  1-866-558-2798. 
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Refocusing  the  Future 

In  the  Technology  section:  Health  insurer 
Humana  Inc.  applied  advanced  analytic 
models  to  its  data  warehouse  to  reduce 
costs  and  identify  new  markets,  say  Car¬ 
ol  McCall  and  Bruce  Goodman.  Page  25 


The  Database  Diet 

Also  in  the  Technology  section: 

Archiving  can  keep  databases  from 
becoming  bloated  by  outdated  trans 
actional  data,  say  IT  pros  like  Larry 
Cuda  of  Kennametal  Inc.  Page  32 
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Who  Holds  the 
Security  Reins? 

The  Department  of  Homeland 
Security  unveiled  its  National 
Strategy  to  Secure  Cyberspace  a 
year  ago.  Is  the  plan  working?  IT 
professionals  say  it's  the  private 
sector  that's  taking  the  lead  on 
security  initiatives,  making  the 
strategy  largely  irrelevant. 
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OHS  Gets  Relegated  to  the 
Corporate  Security  Margin 


One  year  after  the  National 
Strategy  to  Secure  Cyberspace 
was  released,  IT  professionals 
suggest  that  it  may  be  a  waste 
of  taxpayer  dollars.  By  Dan  Verton 


WHEN  THE  White 

House  released  the 
National  Strategy  to 
Secure  Cyberspace 
in  February  last  year,  the  guid¬ 
ing  principle  was  to  make  it  a 
“living  document”  capable  of 
changing  with  the  times  and 
meeting  the  needs  of  a  diverse 
Internet  com¬ 
munity. 

But  in  the 
year  since  its  release,  the  strat¬ 
egy  has  had  little  or  no  impact 
on  the  security  plans  and  in¬ 
vestments  of  many  of  the 
companies  that  were  sup¬ 
posed  to  be  integral  to  its  im¬ 
plementation,  corporate  IT 
executives  say.  And  although 


INVESTIGATIVE  REPORT 


some  critical-infrastructure 
sectors  have  heeded  the  gov¬ 
ernment’s  call  to  action,  many 
corporate  users  still  view  the 
plan  as  irrelevant  to  the  chal¬ 
lenges  they  face. 

“Although  we  all  do  our  best 
in  thinking  strategically  about 
issues  like  [the  national  strate¬ 
gy],  they  are  at  the  bottom 
of  any  list  I  have,”  said  John 
Spencer  Jr.,  vice  president  of 
operations  and  CIO  at  the 
American  Society  of  Health- 
System  Pharmacists  in  Bethes- 
da,  Md.  “What’s  the  payoff? 

“I  have  existing  budgets  that 
change  by  the  day,  I’m  trying 
to  patch  the  holes  in  my  Mi¬ 
crosoft-based  infrastructure 
daily  and 
weekly,  [and] 
new  and  dif¬ 
ferent  variants  of  viruses  are 
running  rampant,”  Spencer 
said.  “I  could  give  you  a  list  of 
100  things  like  this  that  I’m  ad¬ 
dressing  by  the  minute,  day 
and  week.  I  can  see  cause  and 
effect  related  to  these  issues, 
but  not  so  with  this  strategy.” 

Begging  vs.  Regulating 

For  IT  managers  like  Spencer, 
“cause  and  effect”  translates 
into  detailed  justification  for 
increasing  resources  to  do 
what  the  U.S.  Department  of 
Homeland  Security’s  National 
Cyber  Security  Division 
(NCSD)  is  asking  of  compa¬ 
nies  across  the  country:  to  bel¬ 
ly  up  and  take  the  lead  in  se¬ 
curing  cyberspace.  The  threat¬ 
ened  alternative:  unwanted 
regulation. 

The  irony  is  that  in  the  pri¬ 
vate  sector,  the  onset  of  new 
regulations  —  regulations  that 
have  nothing  to  do  with  the 
DHS  —  has  in  fact  forced  im¬ 
provements  in  cybersecurity, 
users  and  analysts  say. 

For  example,  Davidson 
Healthcare  in  Lexington,  N.C., 


They’re 
not  imple¬ 
menting  the 
strategy  in  a  seri¬ 
ous  way.  I  think 
largely  we’ve 
dropped  the  ball. 


RICHARD  CLARKE, 
former  chairman  of  the 
President's  Critical 
Infrastructure  Protection  Board 


along  with  every  other  com¬ 
pany  in  the  health  care  indus¬ 
try,  faces  on  April  15  the  non- 
negotiable  activation  of  the 
Health  Insurance  Portability 
and  Accountability  Act,  which 


requires  enhanced  security  to 
protect  private  patient  data. 

Unlike  HIPAA,  however,  the 
release  of  the  national  strategy 
“hasn’t  necessarily  provided 
any  [justification]  for  addi¬ 
tional  funding,”  said  Kevin 
Buchanan,  director  of  IT  at 
Davidson  Healthcare.  “HIPAA 
is  not  a  recommendation;  it’s 
federal  law.  And  when  I  say 
something  is  a  federal  require¬ 
ment,  senior  managers  can’t 
argue  with  that.” 

In  addition  to  HIPAA  and 
laws  that  cover  financial  re¬ 
porting,  such  as  the  Sarbanes- 
Oxley  Act,  pressing  business 
requirements  often  force  secu¬ 
rity  improvements  upon  se¬ 
nior  executives,  said  Fred 
Held,  a  partner  at  Tatum  CIO 
Partners  LLP  in  Los  Angeles. 

Held,  who  recently  complet¬ 
ed  an  assignment  as  CIO  at  a 
national  distribution  company, 
said  it  was  a  recent  merger 
agreement,  not  the  National 
Strategy  to  Secure  Cyberspace, 
that  drove  his  temporary  em¬ 
ployer  to  evaluate  its  security. 

And  therein  lies  the  discon¬ 
nect,  said  Craig  Janus,  vice 
president  of  the  Center  for  In¬ 
formation  and  Telecommuni¬ 
cations  Technologies  at  Falls 
Church,  Va.-based  Mitretek 
Systems  Inc. 

“There  is  no  cohesiveness 
built  into  the  strategy,”  said 
Janus.  “There  are  no  incen¬ 
tives  [such  as]  tax  credits  or 
cost  sharing  to  encourage,  if 
not  force,  the  private  sector  to 
do  more.” 

The  DHS  declined  to  re- 


Security  Grants  Up  for  Grabs 


ObjectVideo  provides  intelligent 
video  surveillance  software  used 
at  airports,  seaports,  U.S.  bor¬ 
ders,  oil  refineries,  chemical  and 
nuclear  plants,  and  public  water 
supply  facilities.  Raul  Fernan¬ 
dez,  the  Reston,  Va.-based  com¬ 
pany’s  CEO,  who  also  serves  on 
the  President's  Council  of  Advi¬ 
sors  on  Science  and  Technology, 
spoke  with  Computerworld about 
how  the  company  is  helping 
clients  apply  for  the  millions  of 


federal  dollars  being  made  avail¬ 
able  for  homeland  security  pilot 
projects. 

What  companies  have  you 
done  this  for,  and  who  is  eligi¬ 
ble?  We’ve  provided  government- 
proposal  assistance  for  major  air¬ 
ports  and  petroleum  companies, 
and  we’ve  advised  several  local 
and  state  law-enforcement  agen¬ 
cies.  Grants  are  set  aside  for  com¬ 
mercial,  state  and  local  organiza- 


www.computerworld.com 


spond  directly  to  the  com¬ 
ments.  Amit  Yoran,  head  of 
the  NCSD,  had  agreed  several 
weeks  ago  to  meet  with  Com- 
puterworld  on  March  2,  but  he 
canceled  the  interview  only 
hours  before  it  was  to  take 
place.  Instead,  a  spokesman 
for  Yoran  provided  a  written 
statement  that  offered  no  new 
details  about  the  national 
strategy  or  efforts  to  collabo¬ 
rate  with  the  private  sector. 

Money  Well  Spent? 

If  the  national  strategy  is  inef¬ 
fectual,  it’s  not  because  there’s 
no  money  to  bolster  it.  The 
Bush  administration  has  re¬ 
quested  $31  million  for  IT  secu¬ 
rity  efforts  as  part  of  the  fiscal 
2005  budget  proposal  for  the 
Information  Analysis  and  In¬ 
frastructure  Protection  Direc¬ 
torate  at  the  DHS.  It  has  also 
requested  $1.9  million  for  ex¬ 
panded  cybersecurity  exercis¬ 
es  to  uncover  vulnerabilities. 

The  question  being  asked 
by  many  corporate  users  is 
whether  the  money  should  be 
spent  on  the  national  strategy. 
While  there  are  signs  that  the 
public/private  partnership 
called  for  in  the  plan  is  begin¬ 
ning  to  slowly  pick  up  steam, 
many  users  credit  private- 
sector  programs  and  initia¬ 
tives  that  were  under  way 
well  before  the  strategy  was 

(released. 

“In  my  opinion,  a  large  part 
of  the  cybersecurity  strategy  is 
aimed  at  vendors  and  service 
providers  of  IT  solutions,”  said 
Rick  Perry,  director  of  enter- 


tions  and  sometimes  for  academic 
associations.  But  there  is  a  defini¬ 
tion  of  critical  infrastructure  that  is 
used  to  determine  justification. 

Where  can  they  find  information 
on  grants?  Award  announce¬ 
ments  are  usually  made  on  agency 
Web  sites  and  on  Web  sites  like 
www.FedGrants.gov  and  www. 
grants.gov. 

How  much  money  is  available? 
The  federal  government  distrib¬ 
utes  billions  of  dollars  in  grants 
each  year,  though  obviously  that 
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Yoran  Grilled  at  Senate  Hearing 


WASHINGTON  -  It  was  an 

inauspicious  moment  for 
Amit  Yoran,  the  federal  cyber¬ 
security  czar. 

“Have  you  focused  on  a 
threat  assessment?”  asked 
Sen.  John  Kyi  (R-Ariz.), 
chairman  of  the  Senate  Sub¬ 
committee  on  Terrorism, 
Technology  and  Homeland 
Security,  during  a  Feb.  24 
hearing  on  cyberterrorism. 
The  nation  is  “awash  in  a 
sea  of  vulnerability  studies,” 
said  Kyi.  But  what  is  miss¬ 
ing,  he  said,  is  “an  accurate 
threat  assessment”  about 
what  the  country  should 
worry  about  most:  individual 
hackers,  nations  or  terrorist 
organizations. 

For  several  tense  mo¬ 
ments,  Yoran  sat  in  silence 
and  then  shielded  his  micro¬ 
phone  as  he  whispered  to  a 
colleague  from  the  FBI. 

“Our  protection  strategy  is 
threat-independent,”  Yoran 
finally  replied.  Rather  than 


focusing  on  specific  attack 
profiles,  “we  are  developing 
programs  and  initiatives  that 
apply  to  the  gamut  of  attack 
approaches,”  he  added. 

“I  still  haven’t  heard  you 
say  you  have  done  a  threat 
assessment,”  responded  Kyi. 

Frustrated  by  the  line  of 
questioning,  Yoran  turned 
around  and  faced  an  under¬ 
ling  from  the  DHS  and  point¬ 
ed  angrily  to  a  sheet  of  paper 
on  which  was  written  “NIE.” 

“We’ll  have  to  wait  and 
see  what  the  NIE  says,” 
Yoran  said,  referring  to  a 
classified  National  Intelli¬ 
gence  Estimate  that  was 
scheduled  to  be  released 
within  days  of  the  hearing. 

Sen.  Dianne  Feinstein  (D- 
Calif.),  the  ranking  member 
of  the  subcommittee,  also 
posed  tough  questions  to 
Yoran,  particularly  about  his 
position  within  the  DHS  bu¬ 
reaucracy. 

“My  concern  is  that  we 


don’t  really  take  cyberterror¬ 
ism  as  seriously  as  we  should,” 
said  Feinstein,  adding  that 
she  was  troubled  by  the  de¬ 
cision  to  move  the  position 
once  held  by  former  cyberse¬ 
curity  czar  Richard  Clarke 
from  the  White  House  to 
where  it  now  sits,  several 
layers  down  in  the  DHS  bu¬ 
reaucracy.  “Given  your  lack 
of  seniority,  how  are  you  able 
to  direct  assistant  secre¬ 
taries  in  other  directorates?” 


YORAN’s  answers  didn’t  satisfy 
skeptical  legislators. 


“There  are  advisers  within 
■  the  White  House  who  main-  } 

:  tain  a  very  close  awareness 
of  cyberactivity  and  cyber¬ 
protection,”  said  Yoran, 

•  However,  Clarke  and 

•  his  immediate  successor, 

:  Howard  Schmidt,  both  ac- 
:  knowledged  that  the  Office 
:  of  Management  and  Budget, 
which  has  statutory  authori- 
:  ty  for  cybersecurity  pro- 
:  grams,  has  only  three  people 

•  working  on  the  issue  full 

:  time.  “If  they  were  serious 
:  about  it,  they  would  have  20 
;  to  30  people  working  it,”  y 
said  Clarke. 

\  When  the  hearing  ended, 

:  Kyi  was  visibly  frustrated 
:  with  the  inability  to  get  direct 

•  answers  from  Yoran  and  said 

•  he  didn’t  want  to  have  “to 
:  grill  anybody.” 

But  it  didn’t  appear  to  be 

•  Kyi’s  fault.  A  prominent  IT 
industry  executive  who  at¬ 
tended  the  hearing  but  did 

;  not  want  to  be  identified  by 
name  characterized  Yoran’s 
performance  as  “terrible.” 

-  Dan  Verton 


prise  operations  and  security 
at  The  Burlington  Northern 
and  Santa  Fe  Railway  Co. 

Perry  said  rail  companies 
have  voluntarily  and  without 
goading  by  the  DHS  formed 
the  Rail  Industry  Security 
Committee  to  share  best  prac¬ 
tices  and  rail  security  alert 


plans  that  cover  both  physical 
and  cybersecurity. 

Moreover,  Fort  Worth, 
Texas-based  Burlington  North¬ 
ern  recently  began  working  on 
a  pilot  program  sponsored  by 
the  U.S.  Department  of  De¬ 
fense’s  Intelligence  Systems 
Support  Office  called  Opera¬ 


tion  Picket  Fence. 

The  purpose  of  the  pro¬ 
gram,  which  will  begin  this 
spring,  is  to  provide  improved 
network  security,  install  and 
maintain  intrusion-monitoring 
and  cyberdefense  equipment, 
and  establish  a  centralized 
monitoring  and  management 


gets  spread  over  a  large  number  of 
grant  programs  intended  for  a  very 
wide  variety  of  purposes. 

The  individual  programs  that 
usually  apply  to  our  customers  will 
range  from  $2  million  to 
$20  million  per  grant. 

Each  grant  program  and 
each  round  of  grants  may 
have  different  levels  of 
funding. 


What  are  the  steps 
involved  in  the  grant 
process?  First,  it’s  very 
important  to  do  a  needs 


Q&A 


analysis  with  the  client  to  truly 
understand  their  business  and  re¬ 
quirements.  Then  we  typically 
identify  a  short  list  of  two  or  three 
grant  programs  and  determine 
which  one  will  best  meet 
the  client's  needs  and 
time  frame. 

On  average,  it  takes 
anywhere  from  two  weeks 
to  two  months  to  submit 
the  proposal.  The  actual 
writing  of  the  proposal  is 
the  quickest  part  of  the 
process.  The  most  difficult 
is  the  gathering  of  infor¬ 


mation  necessary  for  the  proposal. 

Why  would  clients  need  your 
company’s  help  instead  of  do¬ 
ing  it  themselves  or  hiring  a 
proposal  writer?  There  is  an  art 
to  writing  government  proposals, 
because  you  have  to  understand 
the  funding  agency’s  needs  and 
terminology.  For  instance,  you 
need  to  know  what  “force  protec¬ 
tion”  means  to  the  program  man¬ 
ager  at  D0D  in  order  to  answer 
questions  pertaining  to  it  in  the 
proposal. 

-  Dan  Verton 


facility  for  the  coordination  of 
responses  to  cyberterrorism, 
said  Perry. 

Likewise,  in  the  natural 
gas  industry,  “all  of  the  initia¬ 
tives  are  industry-driven” 
and  aren’t  a  result  of  the 
national  strategy,  said  Gary 
Gardner,  CIO  of  the  American 
Gas  Association. 

For  example,  the  association 
and  the  Gas  Technology  Insti¬ 
tute  this  year  plan  to  release 
an  encryption  protocol  that’s 
capable  of  supporting  SCADA 
systems  that  are  used  to  man¬ 
age  natural  gas  systems,  the 
electric  grid,  water  systems 
and  other  industrial  control 
infrastructures. 

Decades  Away? 

Although  Yoran’s  appointment 
in  September  to  lead  the  NCSD 
has  added  some  momentum  to 
the  government’s  strategy,  “for 
most  people  in  the  industry. 

I’m  sure  it’s  a  plan  that’s  sitting 
in  a  File  somewhere,”  said 

Continued  on  page  S 
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NCSD’s  Initiatives  to  Date 

L.  _ _ , _ , _ _ - _ _ _ _ _ _ _ _ _ _ _ - _ _ _ _ _ - _ _ _ ad 

■  U.S.  Computer 
Emergency  Readi¬ 
ness  Team  (US- 
CERT):  Administers 
the  National  Cyber 

Alert  System. 

mumN 

■  Chief  Information 
Security  Officers 
Forum:  A  secure 
collaboration  environ¬ 
ment  for  federal 

CISOs. 

■  Forum  of  Incident 
Response  and 
Security  Teams: 

An  Information¬ 
sharing  mechanism 
for  members  of 
federal  CERTs. 

■  Cyber  Interagency 
Incident  Manage¬ 
ment  Group:  Brings 
together  experts  from 
federal  law  enforce¬ 
ment,  defense 
and  intelligence 
communities. 

■  Critical  Infra¬ 
structure  Warning 
Information  Net¬ 
work:  A  private, 
secure  and  survivable 
network  for  use  in 
the  event  of  an  Internet 
outage. 

Gardner.  “Is  it  driving  the 
train?  I’m  not  sure.” 

At  the  first  National  Cyber 
Security  Summit,  held  in  Palo 
Alto,  Calif.,  in  December,  and 
again  during  an  event  last 
month  marking  the  one-year 
anniversary  of  the  strategy’s 
release,  Yoran  said  the  NCSD 
had  moved  “from  national 
strategy  development  and  ar¬ 
ticulation  to  implementation.” 

As  evidence  of  that  shift, 
Yoran  pointed  to  a  number  of 
programs  designed  to  prevent 
cyberattacks  and  enable  an  ef¬ 
fective  response  to  attacks 
that  do  occur  (see  box,  above 
right).  But  he  cautioned  that 
the  benefits  from  many  of  the 
“strategic  level”  programs, 
such  as  those  in  the  area  of 
software  assurance,  may  not 
be  realized  for  years  or  even 
decades. 

“Even  if  R&D  were  not  re¬ 
quired  and  the  tools  were 
readily  available  for  us  to  de¬ 
velop  more  secure  code,  this 
technology  would  still  have  to 
work  its  way  into  the  compil¬ 
ers  of  several  development 
tools  commonly  used  by  the 
software  development  com¬ 
munity,”  said  Yoran.  “And  once 
that  occurs,  there  are  annual 


I’m  sure  it’s 
a  plan  that’s 
sitting  in  a  file  some¬ 
where.  Is  it  driving  the 
train?  I’m  not  sure. 


GARY  GARDNER,  CIO, 

American  Gas  Association 

or  longer  development  cycles 
before  more  secure  products 
hit  the  marketplace.  And  then 
we  start  the  long  and  multi¬ 
year  cycle  of  technology  re¬ 
fresh  and  upgrades.” 

But  Richard  Clarke,  who 
published  the  National  Strate¬ 
gy  to  Secure  Cyberspace  as  his 
last  official  act  as  chairman  of 
the  President’s  Critical  Infra¬ 


structure  Protection  Board 
before  leaving  for  the  private 
sector  last  March,  said  all  of 
the  programs  called  for  in  the 
document  could  be  started 
immediately. 

“They  could  all  be  done  to¬ 
day  if  the  government  wanted 
to,”  Clarke  said.  “There’s  no 
technological  reason  [for  the 
delay].  It’s  just  a  matter  of  will 
and  resources.” 

The  government  “is  not  sit¬ 
ting  down  with  the  electric 
power,  transportation,  banking 
and  finance,  and  other  indus¬ 
tries  and  saying,  ‘Show  us  how 
you’re  implementing  the  na¬ 
tional  strategy,’  ”  said  Clarke. 
“They’re  not  implementing 
the  strategy  in  a  serious  way.  I 
think  largely  we’ve  dropped 
the  ball.”  O  45224 
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SECURITY. 


The  American  Institute  of  Cer¬ 
tified  Public  Accountants  Inc. 
(AICPA)  has  had  a  strategy  for 
improving  national  cybersecu¬ 
rity  for  more  than  five  years. 
The  New  York-based  organiza¬ 
tion  is  now  working  with  the 
Center  for  Internet  Security  on 
integrating  its  guidelines  with 

the  center’s  technical  bench- 

■■ 

•  marks.  The  CIS  is  a  Hershev. 


marks.  The  CIS  is  a  Hershey, 
Pa. -based  nonprofit  security 
standards  consortium  of  more 
than  170  companies. 

Known  as  Trust  Services, 
the  AlCPA’s  auditing  guidelines 
were  presented  to  the  White 
House  in  a  briefing  prior  to  last 
year’s  release  of  the  National 
Strategy  to  Secure  Cyber¬ 
space.  The  guidelines,  which 
can  be  downloaded  free  of 
charge  [QuickLink  a412Q  for  a 
I  PDF],  are  a  central  part  of  the 


discussions  on  Capitol  Hill 
surrounding  proposed  legisla¬ 
tion  that  would  require  publicly 
traded  companies  to  conduct 
independent  security  audits 
and  detail  the  results  in  their 
annual  reports  [QuickLink 
43497], 

Trust  Services  are  “guide¬ 
lines  that  came  out  in  1999  to 
enable  CPAs  to  assess  securi¬ 
ty,  privacy  and  availability  of 
information  systems,”  said 
Michael  Dickson,  a  CPA  at 
Columbus,  Ohio-based  Busi¬ 
ness  Technology  Group  LLC 
who  also  holds  the  AlCPA’s 
coveted  Certified  Information 
Technology  Professional  desig¬ 
nation,  “The  thing  that  differ¬ 
entiates  our  standard  from 
others  is  that  we  can  issue  an 
assurance  report,  which  is  like 
an  audit  report." 


“People  may  not  have  been 
aware  that  CPAs  are  in  the 
security  space,  the  privacy 
space  and  the  confidentiality 
space,”  said  Karyn  Waller,  a 
CPA  and  senior  technical  man¬ 
ager  at  the  AICPA.  But  what  re¬ 
ally  makes  the  AICPA  approach 
attractive  on  a  national  scale  is 
that  the  guidelines  are  flexible 
and  scalable  over  time  and  the 
results  will  be  consistent  from 
company  to  company,  she  said. 

“The  idea  is  that  two  differ¬ 
ent  CPAs  looking  at  the  same 
set  of  circumstances  have  a 
very  good  chance  of  coming  up 
with  the  same  results,”  said 
Dickson.  “They  are  generic 
enough  to  facilitate  the  audit 
process  but  specific  enough  to 
ask  questions  about  firewall 
settings  and  if  unnecessary 
Services  have  been  disabled.” 

The  problem  on  a  national 
scale  is  that  there  are  more 


PROCESSING  INTEGRITY 


System  processing  is  com¬ 
plete,  accurate,  timely  and 
authorized. 

sonal  information  obtained 
as  a  result  of  e-commerce 
is  collected  and  retained  1 

asagreed.  1 


CONFIDENTIALITY. 


than  a  dozen  standards  avail¬ 
able  that  companies  can  fol¬ 
low,  but  not  all  of  the  stan¬ 
dards  are  applicable  to  all 
business  types  or  industry 
sectors,  said  Dickson. 

Alan  Palter,  director  of  the 
Bethesda,  Md. -based  SANS 
Institute,  sits  with  representa¬ 
tives  of  the  AICPA  on  a  task 
force  that  was  formed  by  Rep. 
Adam  Putnam  (R-Fla.)  to  de¬ 
vise  security  best  practices  for 
the  private  sector.  He  said  he 
wasn’t  happy  with  the  AICPA 
approach  until  very  recently 
because  of  its  general,  non¬ 
technical  focus  on  security. 

However,  Paller  said  the 
AlCPA’s  recent  effort  to  work 
with  the  CIS’s  benchmark  ap¬ 
plications  “will  make  the  re¬ 
sults  much  more  comparable 
[among  companies]  and  imme¬ 
diately  useful.” 

-Dan  Verton 
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Windows  XP  SP2 
Could  Break  Apps 

Microsoft  Corp.  warned  last 
week  that  Service  Pack  2  for 
Windows  XP,  to  be  released  later 
this  year,  could  render  some  ap¬ 
plications  inoperable.  Because  of 
security  enhancements  made  at 
the  expense  of  backward  com¬ 
patibility,  Microsoft  is  advising 
code  tests  against  the  SP2  beta 
[QuickLink  45255]. 


Del!  President  to 
Become  New  CEO 

Dell  Inc.  founder  Michael  Dell  will 
relinquish  his  CEO  title  to  current 
President  and  Chief  Operating 
Officer  Kevin  Rollins,  the  compa¬ 
ny  announced  last  week.  Dell  will 
remain  chairman  of  the  compa¬ 
ny’s  board  of  directors.  The  move 
will  become  effective  July  16. 


Code  Inspection 
Tool  Makes  Debut 

Reasoning  Inc.  today  will  unveil 
a  security  inspection  service 
aimed  at  companies  that  develop 
C  or  C++  code.  Mountain  View, 
Calif.-based  Reasoning’s  service 
will  help  companies  find  and  fix 
root-cause  security  vulnerabili¬ 
ties  that  are  the  leading  targets 
of  hackers,  officials  said.  Final 
pricing  hasn’t  been  determined 
but  is  expected  to  be  20  cents 
per  line  of  code  inspected. 


MARK  HALL  ■  ON  THE  MARK 

Offshore  Advocates 
Woo  Silicon  Valley . . . 

. . .  execs  and  denounce  politicians  who  campaign  against  the  shipping  of 
U.S.  high-tech  jobs  abroad.  At  the  Software  2004  conference  in  San 
Francisco  last  week,  Romesh  Wadhwani,  chairman  of  Symphony  Tech¬ 
nology  Group  LLC  in  Palo  Alto,  Calif.,  exhorted  an  audience  of  1,100 
IT  vendor  honchos,  including  400  CEOs,  to  get  on  the  offshore  band¬ 
wagon  in  order  for  their  companies  to  have  a  viable,  profitable  future. 
“Most  software  companies  that  reinvent  their  business  model  will 


use  offshore  in  a  large  and  strategic,  not 
tactical,  way,”  he  argues.  Translation: 
More  software  development  work  is 
heading  to  India.  As  Computer  Associ¬ 
ates  CEO  Sanjay  Kumar  remarks,  “If  you 
work  behind  a  computer  screen,  your  job  is  up 
for  grabs.”  ■  Some  politicians’  jobs  may 
hinge  on  their  positions  on  outsourcing 
IT  work  to  India,  and  a  few  are  getting 
critical  of  the  trend,  which  amuses  Wad¬ 
hwani.  He  quips,  “You  know  when  politi¬ 
cians  say  something  is  bad, 
that’s  a  good  thing.”  ■  In  an 
often  rambling  and  disjoint¬ 
ed  keynote  talk  at  the  same 
event,  Ray  Lane  also  endorsed 
the  exodus  of  U.S.  jobs  to  India. 

The  former  chief  operating 
officer  of  Oracle  Corp. 
who’s  now  a  general  partner 
at  Kleiner  Perkins  Caufield 
&  Byers,  Silicon  Valley’s 
leading  venture-capital  firm, 
claimed  that  for  every  IT 
development  dollar  sent  to 
Bangalore,  $1.14  gets  gener¬ 
ated  in  the  U.S.  Pointing  to 
the  distinction  between  the 
two  political  parties  on  the 


issue,  Lane  concludes,  “You  should  be 
able  to  figure  out  how  I’m  going  to  vote 
in  November.”  ■  Charles  Stevenson  keeps 
his  politics  to  himself,  but  he  readily 
shares  his  views  on  outsourcing.  He  is 
the  chief  technology  officer  as  well  as 
COO  at  Gupta  Technologies  LLC,  a  data¬ 
base  and  software  tools  vendor  in  Red¬ 
wood  Shores,  Calif.  As  such,  he’s  intimate 
with  the  tactical  value  of  outsourcing.  After 
all,  he  cut  five  quality  assurance  jobs  and 
gave  the  work  to  Sonata 
Software  Ltd.  in  Bangalore. 
But  he  says  he  did  so  to  pro¬ 
tect  68  workers  in  the  U.S. 
He  suggests  the  views  of 
Wadhwani  and  Lane  “are  com¬ 
pletely  out  of  sync  with  the  real¬ 
ity  of  innovation.”  He  explains 
that  face-to-face  collabora¬ 
tion  is  key  for  critical  prod¬ 
uct  architecture,  design  and 
core  development  work.  By 
tactically  adding  Sonata’s 
quality  assurance  work,  he’s 
able  to  push  projects  out  the 
door  33%  faster.  This  is  true, 
in  part,  because  his  Califor¬ 
nia  programmers  can  see 


Sonata’s  analysis  of  their  previous  day’s 
coding  when  they  reach  their  desks  in 
the  morning.  With  an  in-house  quality 
assurance  team,  there  would  be  another 
day  in  between  to  slow  things  down. 

■  Another  Silicon  Valley  executive  who 
isn’t  buying  the  wholesale  rush  to  off¬ 
shore  is  Jim  Green,  CEO  of  Composite 
Software  Inc.  in  San  Mateo,  Calif.  Green 
says  he  doesn’t  care  whether  your  devel¬ 
opers  are  in  Boston  or  Bangalore,  you  bet¬ 
ter  have  a  foolproof  way  to  manage  a  distrib¬ 
uted  development  environment.  And  if  you 
have  one,  please  share  it  with  him,  be¬ 
cause  he  hasn’t  seen  one  yet.  Green  says 
“teamwork  and  staying  close  to  the  cus¬ 
tomer”  were  critical  during  the  develop¬ 
ment  of  the  Composite  Information  Serv¬ 
er,  a  technology  that  lets  you  run  queries 
on  multiple  sources  through  a  single 
view  of  the  data.  When  you’re  spending 
R&D  money,  Green  argues,  you  want 
every  dollar  invested  to  return  $10,  which 
means  success  is  paramount.  “How  do 
you  maximize  your  confidence  that  an 
R&D  project  will  be  successful?”  he  asks. 
Saving  a  few  nickels  by  going  overseas 

is  nice,  but  will  the  extra  management 
and  communication  hassles  put  the  proj¬ 
ect  at  risk?  Maybe,  maybe  not.  It’s  your 
choice.  That’s  why  they  pay  you  the  big  bucks. 

■  With  the  flood  of  venture-capital  dol¬ 
lars  drenching  Silicon  Valley  this  year, 
maybe  companies  there  won’t  have  to 
move  jobs  abroad.  “There’s  so  much  ven¬ 
ture  money  in  the  Valley,  it’s  obscene,” 
says  Michael  Howard,  CEO  of  OuterBay 
Technologies  Inc.,  which  just  moved  into 
its  snazzy  new  headquarters  in  Cuperti¬ 
no,  Calif.  He  points  to  a  recent  $900  mil¬ 
lion  venture-capital  fund  so  desperate 

to  invest  the  cash  hoard  that  it  hired  a 
dozen  telemarketers  to  call  execs  like 
Howard  and  beg  them  to  take  their  money. 

He  says  he  treated  them  like  he  does 
other  telemarketers.  Click!  ©  45222 


Venture  capitalists 
invested  $3.6  billion 

in  software  companies 
in  2003. 

The  top  U.S.  capital 
investment  is  in  soft¬ 
ware,  with 
projected  to  be  spent 
in  2004. 

*>  84%  of  software  com¬ 
panies  are  sending 
work  offshore. 
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Short  Takes 

The  U.S.  SECURITIES  AND  EX¬ 
CHANGE  COMMISSION  has  re¬ 
quested  information  regarding 
Electronic  Data  Systems  Corp.’s 
Navy/Marine  Corps  Intranet  con¬ 
tract.  . . .  sun  microsystems 

INC,  appointed  Marissa  Peterson 
as  executive  vice  president  for 
Sun  Service,  replacing  Patricia 
Sueltz. . . .  More  than  50  mem¬ 
bers  of  Congress  plan  to  intro¬ 
duce  a  bill  that  would  make  com¬ 
panies  ineligible  for  government 
financial  assistance  if  their  poli¬ 
cies  favor  overseas  workers  at 
the  expense  of  U.S.  workers 
[QuickLink  45204]. 


BY  MARC  L.  SONGINI 

Actuate  Corp.  is  upgrading  its 
server-based  reporting  appli¬ 
cations  to  help  streamline  the 
process  of  developing  frame¬ 
works  for  generating  reports 
and  to  let  IT  staffers  more  ef¬ 
fectively  monitor  the  soft¬ 
ware’s  use. 

Company  officials  last  week 
outlined  plans  for  the  Actuate 
8  upgrade,  which  is  due  for 
shipment  this  summer.  It  will 
include  new  user-based  pric¬ 
ing  in  place  of  the  existing 
I  processor-based  license  fees. 


To  ease  access  to  disparate 
data  sources  for  end  users,  Ac¬ 
tuate  8  will  include  new  enter¬ 
prise  information  integration 
tools,  said  Pete  Cittadini,  the 
South  San  Francisco-based 
vendor’s  CEO.  The  integration 
capabilities  are  being  drawn 
from  technology  that  Actuate 
acquired  last  summer  when  it 
bought  Nimble  Technology 
Inc.,  a  maker  of  data  integra¬ 
tion  software  for  building  Web 
services  connections  or  portal 
applications. 

Nimble’s  tools  will  supple¬ 


ment  conventional  data  ex¬ 
tract,  transform  and  load 
mechanisms  and  will  let  IT 
workers  develop  reporting 
routines  without  having  to 
understand  the  underlying 
database  plumbing,  Cittadini 
said.  For  instance,  report  de¬ 
velopers  will  be  able  to  use  an 
XML-based  abstraction  layer 
to  pull  information  from  vari¬ 
ous  data  sources. 

Actuate  is  also  adding  tools 
to  let  IT  administrators  view 
which  end  users  are  employ¬ 
ing  the  reporting  software, 


Cittadini  said.  That’s  intended 
to  help  IT  staffers  gauge  user 
adoption  rates  and  make  deci¬ 
sions  about  resource  alloca¬ 
tion  and  other  operational  is¬ 
sues,  he  added.  Currently, 
such  monitoring  requires  the 
use  of  a  third-party  tool. 

The  usage  monitoring  fea¬ 
ture  could  help  IT  managers 
judge  the  success  of  Actuate  8 
rollouts,  said  Phil  Russom,  an 
analyst  at  Forrester  Research 
Inc.  With  the  new  software,  IT 
workers  will  also  be  able  to 
measure  peak  usage  times  on 
the  reporting  server  and  the 
use  of  the  software  by  depart¬ 
ments,  he  said.  ©  45213 
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Fortunately  you  have  the  most  manageable 

video  conferencing  systems  in  the  world. 


With  IT  resources  scarcer  than  ever,  you  need  Polycom's  integrated  video  conferencing, 
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IT  Leader  Survey  Shows 
Upbeat  Outlook  for  ’04 

But  attendees  of  this  year’s  Premier  100 
conference  still  see  security  as  key  issue 


BY  TODD  R.  WEISS 

N  AN  EXCLUSIVE  SURVEY 
in  advance  of  Computer- 
world’s  5th  Annual  Pre¬ 
mier  100  IT  Leaders  Con¬ 
ference,  a  large  majority  of  the 
IT  executives  who  responded 
to  the  poll  said  they’re  very 
optimistic  about  the  future  of 
IT  as  a  strategic  contributor  to 
their  businesses’  success. 

The  survey  was  designed  to 
gauge  how  2004  is  shaping  up 
for  IT,  and  of  the  159  respon¬ 
dents,  25%  said  they’re  “some¬ 
what”  optimistic,  while  just 
2%  reported  that  they  aren’t  at 
all  optimistic.  IT  professionals 


who  registered  for  the  confer¬ 
ence,  which  opens  today  in 
Palm  Desert,  Calif.,  were 
polled  on  a  range  of  topics, 
from  security  to  open-source 
software  and  outsourcing. 

Security  remains  a  huge 
concern,  with  57%  of  those 
polled  saying  that  viruses, 
worms  and  other  attacks  cause 
the  greatest  expense  or  poten¬ 
tial  for  disruption  on  a  daily 
basis,  while  24%  said  patch 
management  is  the  most  costly 
or  disruptive  security  task. 

About  34%  of  the  respon¬ 
dents  said  Linux  will  have  an 
increased  presence  in  their  IT 


infrastructures  this  year,  while 
31%  said  they  don’t  use  it  or 
plan  to  use  it.  Another  21% 
plan  to  keep  their  Linux  usage 
at  current  levels. 

U.S.-based  IT  hiring  this 
year  will  increase  for  44%  of 
the  respondents,  while  almost 
the  same  number,  43%,  plan  to 
keep  staffing  levels  the  same. 
Only  13%  expect  staffing  cut¬ 
backs. 

Mixed  Agendas 

In  interviews,  several  confer¬ 
ence  attendees  talked  about 
the  survey  results  and  the  IT 
issues  they  face. 

Joseph  Cleveland,  CIO  at 
aerospace  and  defense  con¬ 
tractor  Lockheed  Martin  Corp. 
in  Bethesda,  Md.,  and  presi- 


HWe  are  beef¬ 
ing  up  all  of 
the  tools  that  we 
need  for  intrusion 
detection. 


JOSEPH  CLEVELAND, 

CIO,  LOCKHEED  MARTiN  CORP. 

dent  of  Lockheed  Martin  En¬ 
terprise  Information  Systems, 
agreed  that  security  is  a  major 
focus.  “We  are  beefing  up  all 
of  the  tools  that  we  need  for 
intrusion  detection,”  he  said. 

William  Farrow  III,  CIO  of 
the  Chicago  Board  of  Trade, 
said  his  hiring  will  increase 
this  year  to  keep  up  with  new 


trading  and  money-transfer 
systems  designed  to  modern¬ 
ize  the  exchange.  “As  you  ex¬ 
pand  your  technical  platforms, 
you  have  to  expand  your  peo¬ 
ple  to  run  it,”  he  said. 

Marina  Levinson,  CIO  at 
handheld  device  vendor  Palm- 
One  Inc.  in  Milpitas,  Calif., 
said  she  expects  the  use  of 
Linux  at  her  company  to  in¬ 
crease.  A  Linux-based  e-com¬ 
merce  platform  the  company 
inherited  with  its  purchase  of 
Handspring  Inc.  will  become 
more  widely  used  for  Palm- 
One’s  Web  site,  she  said.  “We 
want  to  leverage  and  expand 
that,”  she  said. 

And  Jason  Glazier,  chief 
technology  and  e-commerce 
officer  at  Philadelphia-based 
Lincoln  Financial  Group, 
praised  the  merits  of  on- 
demand  technology  and  said 
his  company  will  be  moving  to 
the  technology  later  this  year. 
“It  definitely  has  applications 
to  Lincoln,”  Glazier  said. 
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PREMIER  100  SURVEY  STATS 


UTILITY  OR  ON-DEMAND  COMPUTING 


When  asked  if  they  are  considering 
or  implementing  utility  or  on-demand 
computing  technology: 


33% 

* — - — - l  - - : - - - •  .  • 

said  they  are  evaluating  it  but  have 
made  no  decision 

29% 

reported  they  aren’t  considering  im¬ 
plementing  it  because  they  don’t  have 

applications  suited  for  a  utility  model 

23% 

reported  they  weren’t  considering  it  be¬ 
cause  there  are  too  many  uncertainties 

11% 

said  they  had  implemented 

some  aspects  of  it 

§  4%  ‘ 

reported  planning  to  switch  to  a  utility 

model  for  some  or  all  applications  in 

HI 

the  next  12  months 

-  ‘•L-kuV  '  .  .  ■  ■'  '  '  -  ■  ’  ‘  ■  -/ 

WEB  SERVICES 


When  asked  what  is  impeding  their 
company’s  adoption  of  Web  services: 


25% 

. 

said  security  is  the  greatest  obstacle 

22% 

cited  lack  of  in-house  skills  to 
support  the  technology 

22% 

said  product  immaturity  is  the 
greatest  obstacle 

12% 

cited  a  lack  of  standards 

8% 

said  cost  is  the  greatest  obstacle 

3% 

said  there  are  no  obstacles 

3% 

indicated  infrastructure/ 
architecture  issues 

5% 

cited  a  variety  of  other  obstacles 

BASE:  153 

REGULATORY  COMPLIANCE 


When  asked  to  gauge  their  IT 
organizations’  involvement  and  their 
own  involvement  in  their  companies’ 
regulatory  compliance  activities: 


52% 

said  they  are  substantially  involved 
but  not  in  charge 

24% 

said  they  are  somewhat  involved 

in  an  advisory  rote 

17% 

said  they  aren't  at  all  involved 

7% 

said  they  are  completely  in  charge 

of  the  effort 

OPEN-SOURCE 


When  asked  about  their  plans 
for  Linux  in  2004: 


said  they  are  holding  steady  with 
current  usage  levels 


said  they  are  replacing  Unix,  where 
feasible,  with  Linux 


said  they  are  replacing  Windows, 
where  feasible,  with  Linux 


OUTSOURCING  AND  STAFFING 


Those  who  are  hiring  in  2004  said  they 
expect  to  add  IT  staff  in  these  ai 

oject  management 
intrastructure/networking 
Linux  development:  7% 

1  Application  development: 

Other:  6% 

Systems  integration  or  Web 


When  asked  about  their  2004  IT  hiring 
plans  for  U.S.-based  employees: 


said  they  plan  to  increase  their  U.S.-based  staff 
have  no  changes  in  staffing  levels  planned 
said  they  will  decrease  their  U.S.-based  staff 

mb.*/  &  wmmmmm 


METHODOLOGY :h  an  exclusive  Camputerworld  survey,  this  year’s  Premier  100  IT  Leaders  and  conference  attendees  from  IT 
vso'  companies  ottered  their  opinions  on  the  hot  issues  in  the  industry.  Questions  covered  a  range  of  topics,  including  offshore 
’•  oi-  oil -u.  security  and  regulatory  compliance.  The  respondent  base  for  all  questions  is  159,  unless  otherwise  noted. 


When  asked  what  they  currently  use  offshore  outsourcing  for: 


43%  said  they  aren’t  using  offshore 

* 

6%  said  for  infrastructure  work, 

outsourcers 

including  network  management  and 

24%  said  for  new  application 

systems  and  database  administration 

development 

5°/:  said  for  call  center  operations 

said;  for  maintenance  or  support 

of  existing  applications 

4%  said  for  business  process  work 

1 

MORE  ONLINE 


For  more  Premier  100  survey 
results,  visit  our  Web  site: 
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Your  poten tial.  Our 


Great  Moments  at  Work. 

3:24  pm  No  one  interrupts  you  with  a 
request  to  locate  that  critical  document  they 
absolutely  must  have  right  this  very  second. 
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Introducing  the  new  Microsoft  Office  System. 

Now  users  can  do  more  for  themselves  so  you  can  focus 
on  the  important  things.  With  Microsoft®  Windows® 
SharePoint™  Services,  Microsoft  Office  SharePoint  Portal 
Server  2003,  and  Microsoft  Office  Live  Communications 
Server  2003,  users  can  easily  search  across  their  company 
to  find  existing  information,  all  while  directly  and  securely 
connecting  to  those  in  the  know.  Leaving  you  with  less  time 
spent  on  their  issues,  and  more  time  spent  on  your  own. 
For  more  information,  go  to  microsoft.com/officelT 


Microsoft 
Office  System 

More  than  what  it  used  to  be,  Microsoft  Office  is  now  an 
integrated  system  of  programs,  servers,  services,  and  solutions. 

Programs 

Servers 

Services 

Access  2003 

Excel  2003 
Frontpage®  2003 
InfoPath™  2003 
OneNote™  2003 
Outlook®  2003 

PowerPoint®  2003 
Project  2003 
Publisher  2003 

Visio®  2003 

Word  2003 

Project  Server  2003 

Live  Communications 
Server  2003 

Exchange 

Server  2003 

SharePoint™  Portal 
Server  2003 

Live  Meeting 

Office  Online 

Solutions 

Solution  Accelerators 

Enabling  Technologies: 

Windows  Server™  2003,  Windows®  SharePoint  Services, 
Rights  Management  Services 
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Cargill  Chooses 
Beilin  $30M  Deal 

Cargill  Inc.  last  week  said  it  has 
standardized  on  Dei!  Inc.  in  a  S30 
million  revamp  of  its  IT  infrastruc¬ 
ture.  Following  an  eight-month  as¬ 
sessment,  Cargill  plans  to  stan¬ 
dardize  globally  on  approximately 
30,000  Dell  systems  in  61  coun¬ 
tries  over  the  next  three  years, 
said  Rita  Heise,  CIO  at  the  Min¬ 
neapolis-based  food,  financial  and 
industrial  products  conglomerate. 


Citrix  to  Ship  New 
MetaFrame  Release 

Citrix  Systems  Inc.  last  week  an¬ 
nounced  MetaFrame  Secure  Ac¬ 
cess  Manager  Version  2.2.  The 
new  release  provides  mobile 
users  with  secure  remote  access 
for  Microsoft  Outlook  synchro¬ 
nization  and  more  flexibility  in 
user-interface  options,  company 
officials  said.  It  will  be  available 
this  quarter.  Pricing  for  a  50-user 
concurrent-license  starter  system 
begins  at  $7,250. 


WorldCom’s  Ebbers 
Charged  With  Fraud 

Bernard  Ebbers,  the  former  CEO 
of  WorldCom  Inc.,  last  week  was 
charged  with  conspiracy  and  se¬ 
curities  fraud  in  connection  with 
accounting  misstatements  of 
$11  billion  at  his  former  company. 
Scott  D.  Sullivan,  WorldCom's 
former  chief  financial  officer, 
pleaded  guilty  to  charges  in  the 
same  indictment  and  agreed  to 
cooperate  with  prosecutors,  the 
U.S.  Department  of  Justice  said. 


Short  Takes 

PEOPLESQFT  INC.  said  its  Enter- 
priseOne  8.10,  due  to  be  released 
this  quarter,  will  run  on  RED  HAT 

INC.’s  distribution  of  Linux _ 

GATEWAY  INC.  said  it  plans  to  cut 
approximately  1,000  employees 
from  its  workforce  over  the  next 
several  months.  Gateway  ended 
2003  with  7,500  employees, 
down  from  11,000  at  the  end 
of  2002. 


Mixing  Voice  and  Data 
Staffs  Can  Be  Volatile 


Clashes  hamper 
efforts  to  support 
converged  nets 

BY  MATT  HAMBLEN 

LAKE  BUENA  VISTA.  FLA. 

HE  POPULARITY  of 
voice-over-IP  sys¬ 
tems  is  growing,  but 
some  IT  managers 
are  wrestling  with  the  process 
of  merging  their  voice  and 
data  communications  staffs, 
according  to  attendees  at  last 
week’s  VoiceCon  2004  confer¬ 
ence  here. 

Voice  and  data  staffs  histori¬ 
cally  have  been  separate  with¬ 
in  companies,  often  operating 
in  different  units  with  their 
own  cultures,  bosses  and  phys¬ 
ical  locations.  More  than  50 
VoiceCon  attendees  showed 
up  at  a  birds-of-a-feather  ses¬ 
sion  on  organizing  telecommu¬ 
nications  and  data  communi¬ 
cations  staffs  to  support  con¬ 
verged  networks,  and  several 
IT  managers  testified  that  try¬ 
ing  to  unify  the  two  sides  can 
be  excruciating. 

“Every  day  I  feel  like  firing 
somebody,”  said  an  IT  manag¬ 
er  who  works  at  a  trucking 
and  transportation  conglom¬ 
erate  and  asked  not  to  be  iden¬ 
tified.  She  said  an  ongoing 
blending  of  the  company’s 
voice  and  data  staffs  has  led  to 
frequent  battles  among  work¬ 
ers  over  their  roles  in  the 
combined  unit. 

Putting  voice  and  data 
workers  together  is  “a  huge 
culture  change,”  said  an  IT 
manager  who  works  at  a 
health  care  company  and  also 
asked  to  remain  anonymous. 
“You  can’t  just  quickly  tell  a 
person,  ‘Here  is  your  new  job. 
Sit  down  and  get  started.’  ” 

Training  is  key,  said  several 
conference  attendees  who 
have  been  through  the  process, 
including  some  who  said  they 
feel  that  they  have  successfully 
handled  the  combination  of 
their  voice  and  data  staffs. 


“It’s  working  out  for  us,” 
said  David  Stever,  manager 
of  communication  technology 
services  at  PPL  Services  Corp., 
an  energy  utility  in  Allentown, 
Pa.  PPL  started  planning  for 
voice  and  data  convergence 
about  six  years  ago,  so  it  had 
time  to  sort  through  problems 
and  plan  carefully,  he  said. 

As  a  result  of  the  conver¬ 
gence,  60  employees  who  for¬ 
merly  were  dedicated  to  either 
voice  or  data  networks  now 
work  together  to  handle  all 
types  of  communications 
needs  in  three  integrated 
groups:  infrastructure  and 
planning,  application  design 


BY  ROBERT  MCMILLAN 

Taking  the  per-employee  pric¬ 
ing  model  it  introduced  last 
September  a  great  leap  for¬ 
ward,  Sun  Microsystems  Inc. 
last  week  said  it’s  readying  a 
per-citizen  licensing  plan  for 
countries  using  its  Java  Enter¬ 
prise  System  and  Java  Desktop 
System  software. 

Under  the  new  plan,  cus¬ 
tomers  such  as  government 
agencies  and  possibly  interna¬ 
tional  aid  groups  would  pay 
one  of  three  per-citizen  rates 
for  software  licenses  annually. 
The  rate  would  be  tied  to  a 
country’s  ranking  by  the  Unit¬ 
ed  Nations  Department  of 
Economic  and  Social  Affairs, 
which  puts  countries  into  one 
of  three  classifications:  more 
developed,  less  developed 


H  If  someone 
wants  to 
pirate  software, 
we  would  rather 
they  pirate  ours. 

STEVE  B0RCICH,  SUN 


and  operations.  There  is  also  a 
separate  IT  department  that 
has  about  300  workers  who 
handle  data  needs  not  directly 
related  to  communi¬ 
cations,  Stever  said. 

At  SouthTrust 
Bank,  the  telephony 
division  initiated  a 
VoIP  project  in  2000, 
and  voice  and  data 
workers  were  cross- 
trained  to  do  each  other’s  jobs, 
said  Stanley  Adams,  group  vice 
president  of  network  services 
at  the  Birmingham,  Ala.-based 
bank,  which  has  700  offices  in 
nine  states.  The  employees 
now  work  side  by  side  in  oper¬ 


and  least  developed. 

A  government  looking  to 
provide  e-mail  or  a  Web  appli¬ 
cation  to  its  citizens  would 
pay  around  40  cents  per  citi¬ 
zen  in  a  country  classified  as 
“least  developed.”  In  a  “more 
developed”  country  like  the 
U.S.,  pricing  would  be  closer 
to  $5  per  citizen,  said  Steve 
Borcich,  executive  director  for 
Java  Enterprise  Systems  and 
security  marketing  at  Sun. 

The  licensing  model  would 
also  depend  on  whether  a  cus¬ 
tomer  buys  server  or  desktop 
software.  The  Java  Enterprise 
System  —  a  bundle  of  Sun’s 
server  software  products,  in¬ 
cluding  its  directory,  applica¬ 
tion  and  portal  servers  — 
could  be  installed  only  by  the 
government  that  signed  the 
deal.  Therefore  a  server  li¬ 
cense  purchased  by  a  national 
government  wouldn’t  cover 
municipal  governments. 

Any  citizen  of  the  licensed 
country  would  have  the  right 
to  install  the  Java  Desktop 
System,  which  includes  Star- 
Office  applications  and  a  Lin¬ 
ux  operating  system. 


ations,  engineering  and  sup¬ 
port.  “It  was  a  cultural  change 
and  it  took  time,  but  it  increas¬ 
es  flexibility,”  Adams  said. 

Donald  Van  Doren,  presi¬ 
dent  of  Vanguard  Communica¬ 
tions  Corp.,  a  consulting  firm 
in  Morris  Plains,  N.J.,  said  the 
complexity  of  combining  voice 
and  data  staffs  is  a  big  concern 
for  some  of  his  clients.  “The 
heritage  of  data  and  voice  guys 
is  just  different,” 
he  said.  “It’s  in  the 
DNA.” 

Van  Doren  said  an 
organizational  struc¬ 
ture  similar  to  PPL’s 
is  an  effective  way 
to  start,  with  staffers 
assigned  to  support  the  net¬ 
work  infrastructure,  applica¬ 
tions  or  endpoint  devices  such 
as  phones  and  PCs.  The  latter 
group  also  can  be  put  in  charge 
of  end-user  support,  he  said. 
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Sun  expects  to  roll  out  the 
new  licensing  plan  in  time  for 
its  JavaOne  developer  confer¬ 
ence  in  San  Francisco  in  June. 

Sun  would  essentially  rely 
on  an  honor  system  to  enforce 
its  desktop  licenses,  said  Bor¬ 
cich,  who  acknowledged  that 
it  would  be  very  difficult  to 
control  software  piracy  under 
the  system.  “We  don’t  want  to 
advocate  piracy,  and  we’d  cer¬ 
tainly  like  to  make  revenue,” 
he  said.  “But  if  someone  wants 
to  pirate  software,  we  would 
rather  they  pirate  ours,  and 
Java  in  general,  than  some  oth¬ 
er  competing  technology.” 

Per-citizen  licensing  is  a 
novel  approach  to  capturing 
more  of  the  $13.9  billion  world¬ 
wide  government  software 
market,  as  governments  in¬ 
creasingly  focus  on  open- 
source  software,  said  Rishi 
Sood,  an  analyst  at  Gartner  Inc. 

“There  certainly  needs  to 
be  a  reorientation  of  how  U.S. 
technology  companies  can 
look  to  [developing]  countries 
and  adopt  their  products  and 
services  to  meet  [those  coun¬ 
tries’]  unique  economic  cir¬ 
cumstances,”  Sood  said. 
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McMillan  writes  for  the  IDG 
News  Service. 


Sun  Plans  Per-Citizen 
Pricing  for  Governments 


MORE  ONLINE 

Pure  VoIP  and  systems  that 
mix  IP  and  circuit-switched 
technologies  are  both  viable, 
say  VoiceCon  attendees: 
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Betty  Johnson 
Vice  President  of  IT 

The  NIA  Group  of  Cos.,  Santa  Cruz,  CA 


Great  Moments  at  Work. 

Success  Stories  of  an  IT  Hero 


Betty  Johnson  is  vice  president  of  information 
Technology  at  The  Nonprofits  Insurance 
Alliance  (NIA)  Group  of  Companies,  which 
provides  liability  insurance  for  501(c)(3) 
charitable  nonprofit  organizations  in  17  states 
and  Washington,  D.C.  To  her  staff,  she's  an 
IT  hero. 

Her  challenge:  to  design  a  system  that  fully 
integrated  the  Group's  claims  and  underwriting 
processes.  "We  needed  to  streamline  our 
organizational  processes  and  make  it  easier  for 
our  staff  to  do  their  jobs,"  she  says. 

Her  response  was  NIAC2000,  a  modular,  fully 
integrated  underwriting  and  claims  processing 
system.  This  system's  capabilities  capture 
both  structured  and  unstructured  data,  and  its 
intuitive  graphical  user  interface  makes 
NIAC2000  a  pleasure  to  use.  Incorporating  all 
lines  of  the  Group's  existing  business,  NIAC2000 
also  makes  it  simple  to  add  other  modules,  such 
as  finance  and  marketing. 

Since  deploying  NIAC2000  in  early  2001, 

NIA  Group  has  greatly  increased  its  productivity. 
The  result?  A  300  percent  rise  in  insurance 
premium  revenues,  but  only  an  85  percent 
increase  in  staff. 

Great  Moment  at  Work: 

"Seeing  the  satisfaction  of  staff.  That's  who  we, 
IT,  work  for." 

Microsoft  Office  System  salutes  those 
who  have  done  great  work  in  the  IT  field. 
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Debate  Continues  Amid  Backlash 


Offshoring 

IT  decision-makers 
deal  with  political, 
emotional  issues 

BY  PATRICK  THIBODEAU 

LAS  VESAS 

Although  the  backlash  from 
offshore  outsourcing  is  doing 
little  to  slow  the  accelerating 
trend,  it’s  increasingly  notice¬ 
able  at  conferences  attended 
by  managers  who  make  and 
execute  offshoring  decisions. 

The  focus  on  political  and 
emotional  issues  associated 
with  offshoring  is  turning  por¬ 
tions  of  these  conferences, 
such  as  the  Outsourcing 
Strategies  2004  confab  here 
last  week,  into  a  mix  of  pep 


talks  and  gripe  sessions.  Also, 
fewer  users  are  willing  to  ap¬ 
pear  on  conference  panels  to 
talk  about  offshore  work,  and 
some  are  canceling  appear¬ 
ances.  Deals,  once  touted  by 
vendors,  are  often  no  longer 
publicly  announced. 

One  IT  manager  who  said 
he  was  wrestling  with  an  out¬ 
sourcing  decision  raised  his 
hand  at  a  conference  session 
and  asked,  “How  do  I  justify  it 
to  myself?” 

The  justification  is  complex. 
The  manager,  who  asked  not 
to  be  named,  was  advised  by 
panelists  to  ensure  that  the 
economics  are  compelling. 
And  he  heard  the  frequently 
expressed  view  that  job  loss  is 


a  fact  of  life  that  requires  an 
adaptable  workforce.  Accord¬ 
ing  to  that  line  of  thinking,  the 
U.S.  sheds  thousands  of  jobs 
annually  for  a  variety  of  rea¬ 
sons  unrelated  to  offshore 
work,  such  as  productivity  im¬ 
provements  gained  from  tech¬ 
nology.  It’s  an  article  of  faith  at 
offshore  outsourcing  confer¬ 
ences  that  the  U.S.  economy  is 
dynamic  and  that  innovation 
will  generate  jobs. 

What’s  not  in  dispute  is  cor¬ 
porate  interest  in  offshoring. 
The  political  controversy  “is 
not  changing  or  slowing  the 
impact  to  our  business,”  said 
Michel  Janssen,  a  consultant  at 
The  Everest  Group,  a  Chicago- 
based  firm  that  advises  buyers 


of  outsourcing  services.  “The 
trend  is  just  happening  faster 
and  faster.” 

Strong  Emotions 

But  that  doesn’t  make  it  easier. 
“It  is  emotional  for  lots  of  peo¬ 
ple,”  said  David  Elmo,  presi¬ 
dent  and  chief  op¬ 
erating  officer 
of  Corbus  LLC. 

“Backlash  connotes 
emotion.” 

Dayton,  Ohio- 
based  Corbus  is 
an  outsourcer  that 
does  development  work  in  In¬ 
dia.  But  the  company  says  it 
has  an  approach  to  mitigate 
some  of  the  backlash  while 
delivering  savings  through  a 


process  it  calls  “microsourc¬ 
ing.”  The  process  focuses  on 
select  IT  functions,  particular¬ 
ly  where  there  are  backlogs, 
and  not  entire  departments. 

Elmo  argues  that  companies 
can  outsource  too  much  and 
leave  themselves  vulnerable  to 
changes  in  business  processes. 
“I  think  we  have  to  take  re¬ 
sponsibility  for  what’s  hap¬ 
pening,  and  I  think 
we  have  to  think  it 
through,”  he  said. 

Stamford,  Conn.- 
based  Gartner  Inc. 
earlier  this  month 
said  the  trend  is  in 
fact  toward  selec¬ 
tive  sourcing  of  IT  and  busi¬ 
ness  processes,  characterized 
by  smaller  agreements  and 
fewer  unwieldy  megadeals. 
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MORE  ONLINE 

For  more  on  this  topic, 
visit  our  Outsourcing 
Knowledge  Center: 
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Continued  from  page  1 

Agile  IT 

dozen  attendees  at  Meta 
Group  Inc.’s  Metamorphosis 
conference  here  last  week. 

“It’s  a  lot  easier  to  identify 
the  ‘what’  than  it  is  the  ‘how,’  ” 
said  Salim  Nuraney,  director 
of  architecture  at  Ontario  Lot¬ 
tery  and  Gaming  Corp.,  a 
Toronto-based  government 
agency  that  runs  lottery  and 
casino  operations  for  the 
province  of  Ontario. 

Meta  analysts  preached 
about  the  need  for  more  IT 
adaptability  and  the  complexi¬ 
ty  of  achieving  it.  Nuraney  and 


Correction 

The  name  of  Palo  Alto  Research 
Center  Inc.  principal  scientist 
Feng  Zhao  was  misspelled  in  the 
March  1  story  “Sense  This.”  Also, 
the  information-driven  sensory- 
querying  algorithm  with  which 
Zhao’s  team  is  experimenting 
would  enable  sensors  to  au¬ 
tonomously  task  themselves  to 
collect  and  transmit  information 
based  on  the  usefulness  of  the 
information.  As  edited,  the  story 
incorrectly  stated  that  the  algo¬ 
rithm  would  enable  users  to  task 
the  sensors  to  collect  and  trans¬ 
mit  data  based  on  its  usefulness. 


other  conference  attendees 
generally  agreed  with  the  con¬ 
sulting  firm’s  contention  that 
IT  managers  have  to  do  a  bet¬ 
ter  job  of  training  their  staffs 
to  react  to  changing  business 
requirements,  make  their  tech¬ 
nology  cost  structures  more 
variable  and  meld  the  systems 
that  support  individual  busi¬ 
ness  units  into  more  cohesive 
enterprise  architectures. 

End-User  Resistance 

Several  IT  managers  at  the 
conference  cited  resistance  by 
end  users  to  organizational 
and  business  process  changes 
as  a  key  impediment.  “The  last 
thing  end  users  want  to  hear  is 
another  great  idea  that  came 
from  IT,”  said  Lisa  Yeo,  CIO 
for  the  Multnomah  County 
government  in  Portland,  Ore. 

Yeo  noted  that  some  county 
agencies  still  want  to  maintain 
separate  systems  and  IT  archi¬ 
tectures,  despite  the  efficien¬ 
cies  and  cost  savings  that  could 
be  achieved  by  managing  sys¬ 
tems  under  a  single  architec¬ 
ture.  “We’re  trying  to  show 
them  how  sharing  common 
systems  and  platforms  would 
help  us  countywide,”  she  said. 

In  addition,  some  attendees 
said  it’s  hard  to  ignore  de¬ 
mands  from  revenue-generat¬ 
ing  business  units  for  specific 
systems  or  applications,  even 
if  the  technology  doesn’t  fit 


Which  of  the  following  describes 
your  IT  department’s  plan  for  becoming 
an  adaptive  organization? 


Has  a  broad 
initiative  in  place 


Already 


Plans  to  pursue 
adaptive  capa¬ 
bilities  on  a 
targeted  basis 


Has  no  plans  to 
focus  on  becoming 
more  adaptive 


to  become 
more  adaptive 
but  is  unsure 
how  to  proceed 


:  More  than  600  IT  managers  at  North  American  companies,  surveyed  late  last  year 


SOURCE:  META  GROUP  INC.,  STAMFORD.  CONN. 


within  a  wider  IT  strategy. 

Meanwhile,  according  to  a 
Meta  Group  survey  of  300- 
plus  IT  and  business  man¬ 
agers  that’s  due  to  be  released 
next  month,  the  biggest  barri¬ 
ers  cited  by  the  respondents 
were  a  lack  of  staff  support 
and  the  need  to  make  too 
many  changes  to  internal  busi¬ 
ness  processes. 

It  can  also  be  tough  to  align 
IT  with  business  goals  if  busi¬ 
ness  unit  managers  aren’t  will¬ 
ing  to  devote  enough  attention 
to  projects  aimed  at  serving 
their  needs.  “Business  users 
still  don’t  want  to  give  up  their 


time  and  get  engaged  in  proj¬ 
ects,”  said  Alex  Sinclair,  direc¬ 
tor  of  client  services  at  the  Ot¬ 
tawa-based  Canadian  Security 
Intelligence  Service,  Canada’s 
equivalent  to  the  U.S.  Depart¬ 
ment  of  Homeland  Security. 

An  applications  manager  at 
a  large  Midwestern  manufac¬ 
turer,  who  requested  anonymi¬ 
ty,  said  he  thinks  his  compa¬ 
ny’s  IT  department  already 
does  a  good  job  of  aligning 
with  its  business  units  to  un¬ 
derstand  their  needs.  But,  he 
added,  the  only  way  to  be¬ 
come  a  truly  adaptive  IT  orga¬ 
nization  as  defined  by  Meta 


“is  that  you  really  need  to  stop 
the  ship.  You  can’t,  so  the 
challenge  is  trying  to  do  this 
while  the  ship  is  in  motion.” 

That  task  is  further  compli¬ 
cated  by  the  fact  that  many 
understaffed  IT  departments 
are  struggling  just  to  manage 
day-to-day  operations,  he  said. 

AAA  of  Northern  California 
plans  to  become  more  adap¬ 
tive  by  rolling  out  a  suite  of  IT 
portfolio  management  tools 
from  ProSight  Inc.  to  25  busi¬ 
ness  and  IT  project  managers 
this  month.  The  system  will  be 
extended  to  another  175  busi¬ 
ness  unit  leaders  and  project 
coordinators  by  summer,  said 
San  Retna,  director  of  portfo¬ 
lio  and  program  management 
at  the  San  Francisco-based 
AAA  affiliate. 

The  portfolio  management 
capabilities  are  expected  to 
help  the  IT  department  antici¬ 
pate  and  react  to  business  de¬ 
mands  more  effectively.  “It’s 
like  developing  the  sensors  to 
make  your  central  nervous 
system  work,”  Retna  said. 
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Government  IT  managers  say  building 
adaptive  systems  poses  challenges: 
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Read  a  Q&A  with  Meta  Group  CEO 
Fred  Amoroso: 

QuickLink  45188 
www.computerworld.com 


FREE  White  Paper! 

"Determining  Total  Cost  of  Ownership 
for  Data  Center  and  Network 
Room  Infrastructure" 

Just  mail  or  fax  this  completed  coupon 
or  contact  APC  for  your  FREE  white 
paper,  'Determining  Total  Cost  of 
Ownership  for  Data  Center  and 
Network  Room  Infrastructure.' 

Also  receive  our  FREE  InfraStruXure" 
brochure.  Better  yet,  order  both  today 
at  the  APC  Web  site! 

http://promo.apc.com 

(888)  289-APCC  x3098  •  FAX:  (401)  788-2797 
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How  to  Contact  APC 

Call:  (888)  289-APCC 

use  the  extension  on  the  reverse  side 

Fax:  (401)  788-2797 

Visit  http://promo.apc.com 
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Problems?  Solved. 
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InfraStru  ure 


POWER  RACK  COOLING 


Ori-demand  architecture  for  network- 
criticaf  physical  infrastructure 


From  system  downtime  to  cabling  messes, 
new  APC  InfraStruXure  solves  your  IT  problems 


You  no  longer  need  to  design  your  data  center  using  a  costly,  complicated 
approach.  Introducing  APC  InfraStruXure'",  on-demand  architecture  for  network- 
critical  physical  infrastructure  (NCPI).  Whether  you  are  designing  a  wiring  closet  or 
even  a  large  data  center,  InfraStruXure 's  modular  archi¬ 
tecture  quickly  and  easily  solves  your  top  IT  problems. 

With  InfraStruXure;  you  can: 


Turn  System  Downtime  into 
SYSTEM  AVAILABILITY 

•  Rack  enclosures  provide  a  secure 
environment  for  all  IT  equipment 


Turn  Complicated  Systems  into 
EASY-TO-USE  SOLUTIONS 

•  Vendor-neutral  racks  are  compatible 
with  equipment  from  all  major  vendors 


•  Integrated  cooling  system  ensures 
optimal  equipment  performance 

•  Proactive  management 
of  the  system  prevents 
potential  problems 

•  Built-in  redundancy  means 
no  need  to  buy  a  second  UPS 


•  InfraStruXure" eliminates  the  need 
for  raised  floors  and  extensive 
engineering 

•  You  buy  only  what  you  need  now, 
with  the  option  to  easily  expand 

•  Configure-to-Order  process  ensures 
you  get  the  solution  that  is  right 
for  you 


To  find  out  more,  visit  us  today  at  www.apc.com. 


Results  from  an  actual  InfraStruXure”  installation: 

>  Standardization  reduced  human  error  by  60%  * 

>  Equipment  and  management  costs 
reduced  by  20%  * 

>  Enhanced  security  and  systems  stabilization 

*Dependmg  on  the  installation,  individual  results  may  vary 


We  wanted  an  upgradeable 
solution  that  could  scale  through 
changes  and  still  offer  us  long-term 
value.  InfraStruXure's  modular 
approach  makes  it  easy  to  upgrade 
anytime...  The  hot-swappable,  mod¬ 


ular  components  of  InfraStruXure 
make  maintenance  easy  and  cost  effective. 


-  Vince  Pombo,  Vice  President  of  Engineering 
Rich  Flanders,  Director  of  Engineering 

Time  Warner  Cable 


Visit  httpV/pmojpc£om  Key  Code  p996y  •  Call  888-289-APCC  *3098  •  Fa*  401-788-2797  Legendarv  Reliabilitv 

©2004  American  Power  Conversion  Corporation.  All  Trademarks  are  the  property  of  their  owners.  E-mail:  esupport@apcc.com  •  132  Fairgrounds  Road,  West  Kingston,  Rl  02892  USA  ISX1  A4EF-USc 


■8  COMPUTERWORLD  March  8, 2084 


NEWS 


www.computerworld.com 


Fidelity  National  Revamps  IT  With  Single-Vendor  Tack 


BY  LUCAS  MEARiAN 

Fidelity  National  Financial  Inc.  has  un¬ 
dertaken  a  four-year  project  to  replace 
its  distributed,  multivendor  computing 


environment  with  a  centralized  infra¬ 
structure  based  on  IBM  technology. 

Jacksonville,  Fla.-based  Fidelity  Na¬ 
tional  said  the  project,  which  is  costing 


“tens  of  millions”  of  dollars,  will  en¬ 
able  the  company  to  increase  speed 
and  reduce  management  complexity  in 
its  mortgage  division,  which  processes 
$8  trillion  in  loans  every  night  for  the 
nation’s  largest  banks. 

Joe  Nackashi,  Fidelity  National’s 
chief  technology  officer,  said 
the  existing  infrastructure  is 
built  around  two  IBM  eServ- 
er  zSeries  900  mainframes 
and  800  to  1,000  servers. 

Those  systems  run  a  range 
of  distributed  client/server 
applications,  including  Mi¬ 
crosoft  Corp.  SQL  Server 
and  Oracle  Corp.  databases. 

The  plan  is  to  consolidate 
those  systems  onto  three 
new  IBM  eServer  zSeries 
990  T-Rex  mainframes  run¬ 
ning  IBM’s  DB2  database. 

The  project  also  involves 
streamlining  Fidelity  Na¬ 
tional’s  communications 
with  member  banks  by 
means  of  a  portal-based  sys¬ 
tem  built  with  IBM’s  Web¬ 
Sphere  middleware  and  its 
Rational  Unified  Process  methodology 
—  a  set  of  software  development  best 
practices. 

“Clearly,  from  our  perspective,  we 
will  need  fewer  people  to  manage  and 
develop  the  environment.  So  you’re  go¬ 
ing  to  see  a  clear  ROI,”  Nackashi  said. 

No  Vendor  Finger- Pointing 

By  choosing  a  single  vendor,  Nackashi 
said  he’s  able  to  move  away  from  “the 
complexities  of  a  client/server  distrib¬ 
uted  world”  and  to  simplify  vendor  ac¬ 
countability.  “You  know  how  it  goes 
when  you  have  all  the  vendors  doing 
all  the  finger-pointing,”  he  said. 

Guillermo  Kopp,  an  analyst  at 
TowerGroup  in  Needham,  Mass.,  said 
that  in  the  past  several  years  there  has 
been  steady  growth  in  the  amount  of 
IT  dollars  financial  services  companies 
are  spending  to  replace  legacy  systems. 
The  driver  is  cost  containment. 

In  2004,  system  revamps  will  repre¬ 
sent  $41.8  billion,  or  12%,  of  a  total 
$347.2  billion  that  financial  services 
companies  are  expected  to  invest  in  IT 
worldwide,  Kopp  said.  In  2000,  by  com¬ 
parison,  legacy  transformations  repre¬ 
sented  less  than  10%  of  total  IT  dollars 
spent  by  the  industry,  Kopp  said. 

For  every  dollar  saved  on  IT  infra¬ 
structure,  there’s  $7  to  be  saved  in  op¬ 
erational  business  expenses  because 
many  legacy  processes  are  convoluted, 


19  need  fewer 

people  to  man¬ 
age  and  develop 
the  environment. 
So  you’re  going 
to  see  a  clear  ROI. 


JOE  NACKASHI,  CTO, 
Fidelity  National 


require  manual  intervention  and  often 
create  errors,  Kopp  said. 

Fidelity’s  current  Cobol-based  mort¬ 
gage  processing  system  has  “signifi¬ 
cant  lines  of  code,”  which  is  a  chal¬ 
lenge  to  manage  when  adding  func¬ 
tionality,  Nackashi  said.  And  although 
70%  of  the  system’s  processes  operate 
in  real  time,  customers  are  asking  for 
more  services-oriented  architectures 
with  increased  functionali¬ 
ty  and  scalability. 

Fidelity’s  IT  revamp  fol¬ 
lows  a  trend  among  the 
country’s  largest  financial 
companies  to  install  sys¬ 
tems  with  greater  process¬ 
ing  capacity  to  improve 
transaction  performance 
and  cut  costs.  But  not  all  fi¬ 
nancial  institutions  are  tak¬ 
ing  the  same  approach. 

Charles  Schwab  &  Co.  in 
San  Francisco  went  live  in 
December  with  a  Linux- 
based  grid-computing  sys¬ 
tem  in  an  effort  to  speed  up 
some  of  its  compute-inten¬ 
sive  investment  manage¬ 
ment  applications. 

David  Dibble,  executive 
vice  president  of  technolo¬ 
gy  services  at  Charles  Schwab,  said 
he’s  glad  “the  last  three  years  are  be¬ 
hind  us,”  referring  to  the  financial 
downturn  and  the  fact  that  financial 
services  companies  are  now  starting  to 
be  able  to  invest  more  in  IT. 

“We’re  quite  good  at  generating  self¬ 
funding  projects.  By  deploying  Linux 
across  our  Schwab.com  site,  we’ve 
been  able  to  save  millions,  which  we’ve 
been  able  to  invest  back  into  our  infra¬ 
structure,”  Dibble  said.  “You  may  have 
to  spend  money  to  save  money.” 

©  45063 
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GAO  Faults  IT  Security  at  Agriculture  Dept. 


BY  TOQD  R.  WEISS 

The  U.S.  Department  of  Agri¬ 
culture  has  “significant,  perva¬ 
sive  information  security  con¬ 


trol  weaknesses”  stemming 
from  the  lack  of  a  fully  imple¬ 
mented  IT  security  manage¬ 
ment  program,  according  to  a 


report  from  the  U.S.  General 
Accounting  Office. 

The  33-page  report  [Quick- 
Link  a4110  for  PDF],  released 


last  week,  strongly  criticizes 
the  USDA  for  security  weak¬ 
nesses,  which  potentially  leave 
its  proprietary  information, 
payroll  and  financial  transac¬ 
tions,  agricultural  and  market¬ 
ing  data,  and  other  informa- 


|  tion  “at  increased  risk  of 
unauthorized  disclosure,  mod¬ 
ification  or  loss,  possibly  with¬ 
out  being  detected.” 

To  tighten  the  agency’s  IT 
security,  the  GAO  report  rec¬ 
ommends  that  a  top-to-bottom 
security  management  program 
be  implemented,  including  im¬ 
proved  controls  on  network 
boundaries,  network  access, 
mainframe  access  and  overall 
system  access  management  to 
better  show  who  is  using  the 
agency’s  IT  systems. 

Unmet  Goals 

The  GAO  acknowledged  that 
the  USDA  has  made  some 
progress  since  2000,  when  it 
recommended  that  the  USDA 
develop  and  document  a  strat¬ 
egy  for  improving  information 
security.  But  it  was  critical  of 
the  extent  of  that  progress. 

“Agency  security  personnel 
have  lacked  the  management 
involvement  needed  to  effec¬ 
tively  implement  security  pro¬ 
grams,”  while  “three  agencies 
[inside  the  USDA]  have  not 
completed  any  of  the  required 
risk  assessments”  that  were 
laid  out  for  them  previously, 
according  to  the  report.  “Secu¬ 
rity  controls  have  been  tested 
and  evaluated  for  less  than 
half  of  the  department’s  sys¬ 
tems  in  the  past  year.” 

Scott  Charbo,  CIO  at  the 
USDA,  couldn’t  be  reached 
for  comment.  But  in  a  reply  to 
the  GAO,  Charbo  said  that  the 
report  “accurately  reflects  is¬ 
sues  and  concerns  identified 
by  the  GAO”  and  that  he  con¬ 
curs  with  the  need  to  improve 
the  agency’s  IT  security. 

Robert  Dacey,  director  of  in¬ 
formation  security  issues  at 
the  GAO,  last  week  declined 
to  comment  further  on  the 
document. 

The  GAO  also  found  that  the 
USDA’s  network  “does  not  pro¬ 
vide  a  secure  operating  envi¬ 
ronment”  to  support  its  users. 
“While  USDA  established  a  re¬ 
strictive  policy  to  protect  its 
agencies’  internal  networks 
from  the  Internet  by  using 
firewalls,  its  current  network 
boundary  controls  are  not 
configured  in  accordance  with 
its  security  policy  and  do  not 
provide  adequate  protection,” 
the  report  stated.  O  45167 
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i2  has  15  years  of  expertise 
in  supply  chain  and  we 
continue  to  learn  from 
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our  customers. 

i2  solutions  can  help  you  intelligently 
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to  match  available  supply  -  closing  the 
loop  between  planning  and  execution. 
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your  company  with  the  strategies  and  tactics 
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in  back-ordering  domain 
names. 

Galvin  said  he  hopes  WLS 
could  soon  be  implemented. 
“We’ve  been  working  on  this 
service  for  over  two  years,  and 
we  hope,  either  in  Rome  or 


sometime  shortly  after  that,  to 
reach  a  solution,”  he  said,  re¬ 
ferring  to  ICANN’s  meetings 
there  this  week.  O  45189 


McMillan  writes  for  the 
IDG  News  Service. 


Domain  Registrars  Sue  ICANN,  VeriSign 


BY  ROBERT  MCMILLAN 

Just  a  day  after  being  sued  by 
VeriSign  Inc.  over  delays  in 
approving  a  new  service  for 
back-ordering  Internet  do¬ 
main  names  [QuickLink 
45059],  ICANN,  the  organiza¬ 
tion  that  controls  the  Inter¬ 
net’s  Domain  Name  System, 
found  itself  being  sued  by  a 
group  of  eight  domain-name 
registrars  seeking  to  stop  the 
new  service’s  implementation. 
And  this  time,  VeriSign  was 
named  as  a  co-defendant. 

The  lawsuit,  filed  Feb.  27  in 
the  U.S.  District  Court  in  Los 
Angeles,  seeks  to  halt  the  im¬ 
plementation  of  a  VeriSign- 
backed  waiting  list  for  expired 
domain  names  called  Wait 
Listing  Service  (WLS). 

The  suit  accuses  VeriSign 
and  the  Internet  Corporation 
for  Assigned  Names  and  Num¬ 
bers,  the  nonprofit  organiza¬ 
tion  responsible  for  allocating 
IP  address  space  and  manag¬ 
ing  top-level  domains,  of 
“planning  to  implement  a 
scheme  to  dupe  consumers 
into  buying  domain  names  the 
consumers  will  never  be  able 
to  register,  and  an  unlawful 
and  fraudulent  protection 
racket.” 

Back-Ordered  Domains 

Popular  domain  names  are 
often  back-ordered  and  then 
auctioned  when  they  become 
available  again.  According  to 
Bill  Mushkin,  CEO  of  Name.- 
com  LLC,  one  of  the  registrars 
behind  the  lawsuit,  while  cus¬ 
tomers  may  pay  a  relatively 
high  fee  for  a  back-ordered 
domain  —  which,  on  average, 
costs  $30  to  $60  —  they  pay 
for  the  domains  only  when 
they  actually  obtain  them. 

Under  the  WLS  system, 
back-ordered  domains  would 
be  awarded  on  a  first-come, 
first-served  basis,  but  cus¬ 
tomers  would  pay  an  annual 
fee  to  back-order  the  domain, 
regardless  of  whether  it  be¬ 
came  available  for  purchase 
during  the  year,  Mushkin  said. 

ICANN  failed  to  return  calls 
seeking  comment  by  press 
time. 

While  VeriSign  declined  to 


comment  directly  on  the  suit, 
citing  company  policy  against 
discussing  ongoing  litigation, 
Tom  Galvin,  VeriSign’s  vice 


president  of  government  rela¬ 
tions,  defended  the  WLS  sys¬ 
tem,  saying  it  would  help  re¬ 
move  the  uncertainty  involved 
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I  HS:  Dumb,  Huge,  Slow 


F  YOU’VE  BEEN  AT  ALL  WORRIED  that  the 
Department  of  Homeland  Security  might  be 
doing  something  worth  paying  attention  to, 
rest  easy.  When  it  comes  to  having  any  signifi- 

through  a  handful  of 
powerful  lobbying 
groups,  the  most  promi- 


cant  impact  on  corporate 
IT  security  plans,  the 
$36  billion  federal  agen¬ 
cy  has  been  monumen¬ 
tally  ineffective. 

As  our  front-page  sto¬ 
ry  this  week  points  out, 
it’s  private-sector  com¬ 
panies  —  particularly  in 
transportation,  utilities 
and  finance  —  that  are 
driving  their  own  IT 
security  strategies  to 
protect  the  nation’s  criti¬ 
cal  infrastructures.  Without  any 
push  from  the  DHS,  for  example,  the 
Rail  Industry  Security  Committee  is 
busy  sharing  best  practices  for  both 
physical  and  cybersecurity.  In  the 
natural  gas  industry,  same  story. 

“All  of  the  initiatives  are  industry- 
driven,”  says  Gary  Gardner,  CIO  of 
the  American  Gas  Association. 

Given  that  the  private  sector  owns 
and  operates  85%  of  the  critical  in¬ 
frastructure  that  keeps  our  lights  on 
and  water  flowing,  this  may  seem 
like  the  natural  course  of  events.  But 
at  least  part  of  the  fantasy  behind 
spending  billions  of  our  tax  dollars 
on  the  DHS  was  to  create  an  agency 
that  could  orchestrate  a  public/ 
private  collaboration  on  security 
matters.  “I  think  largely  we’ve 
dropped  the  ball,”  says  Richard 
Clarke,  former  chairman  of  the 
President’s  Critical  Infrastructure 
Protection  Board. 

CIOs  and  senior  IT  executives 
would  no  doubt  agree.  They’ve  all 
noticed  that  there  are  no  incentives 
in  the  1-year-old  “National  Strategy 
to  Secure  Cyber  Space”  plan  for  pri¬ 
vate  industry.  No  tax  credits.  No 
cost  sharing.  No  real  reason  to  care. 

The  companies  that  do  care,  how¬ 
ever,  are  computer  industry  vendors 
and  service  providers.  They  influ¬ 
ence  DHS  strategy  and  direction 
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nent  being  the  Informa¬ 
tion  Technology  Associ¬ 
ation  of  America.  Their 
agendas  boil  down  to 
this:  Prevent  any  new 
government  regulations 
or  reporting  require¬ 
ments  that  would  man¬ 
date  changes  in  IT  prod¬ 
ucts.  So  far,  mission  ac¬ 
complished. 

For  its  part,  the  DHS  has  man¬ 
aged  to  stay  in  the  headlines  with  a 
steady  supply  of  screw-ups.  In  July 
2003,  the  Homeland  Security  ge¬ 
niuses  signed  a  deal  for  $90  million 
worth  of  Microsoft  software  just  as 
yet  another  critical  security  flaw  in 
Windows  was  everywhere  in  the 
news  [QuickLink  39989].  Around 
that  time,  perhaps  coincidentally, 
the  status  of  the  cybersecurity  job 
once  held  by  Clarke  fell  so  many 
rungs  down  the  political  ladder  that 
it  ended  up  in  cyberobscurity. 

Then,  last  August,  a  report  from 


the  General  Accounting  Office,  the 
investigative  arm  of  Congress,  docu¬ 
mented  what  a  pitiful  job  the  DHS 
was  doing  in  its  security  informa¬ 
tion-sharing  efforts  with  state  and 
local  authorities  [QuickLink  40907]. 
Not  that  the  DHS  wasn’t  trying.  Its 
newly  appointed  CIO,  Steven  Coop¬ 
er,  was  quoted  last  summer  giving 
advice  to  the  fast  food  industry  about 
how  to  help  raise  public  awareness 
[QuickLink  42809].  They  could  set 
out  cybersecurity  pamphlets  on 
their  counters,  he  suggested.  (Would 
you  like  fries  with  that?) 

The  almost  comical  lack  of  coor¬ 
dination  between  the  agency  and  its 
partners  drew  the  spotlight  again  in 
late  January,  with  the  announcement 
of  a  cyber  alert  system  that  elicited  a 
collective  “Say  what?”  from  private 
industry  partners  who  discovered 
that  they  weren’t  in  the  DHS  loop 
after  all  [QuickLink  44417]. 

Just  a  few  weeks  ago,  the  agency’s 
latest  brainstorm  was  a  program  to 
persuade  the  private  sector  to  share 
vulnerability  and  security  data  with 
the  government.  (Maybe  you’d  like 
fries  with  that,  too.) 

In  the  meantime,  you  can  safely 
continue  to  pay  no  attention  to  the 
little  men  behind  the  curtain  at  the 
DHS.  All  they’re  doing  is  wasting 
their  time  and  our  money.  ©  45207 
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Reusable 
Integration 
With  an  SOA 


Many  web  services 
are  merely  APIs 
wrapped  up  in  some 
Web  interfaces;  they  can  make 
only  single-point  connections 
to  legacy  systems.  They  are 

but  a  shadow  compared  with  the  larger 
vision  embodied  in  a  service-oriented 
architecture  (SOA),  which  is  able  to 
establish  reusable  components  and 
functionality  by  using  XML  [see 
QuickStudy,  QuickLink  44708]. 

With  an  SOA,  you  can  look  into  an 
XML-based  request,  open  messages  on 
the  fly  in  runtime  and  check  details. 

For  example,  if  you’ve  got  an  order  en¬ 
try  system  that’s  dumping  messages 
into  an  SAP  back-end  system,  you  can 
pay  attention  to  discrete  parts  of  the 
messages  to  accom¬ 
modate  different 
business  partners. 

Some  of  the  mes¬ 
sages’  contents 
might  be  routed  to 
specific  servers,  or 
orders  above  a  cer¬ 
tain  dollar  amount 
might  be  flagged  for 
special  handling. 

It’s  this  ability  to 
address  the  details, 
in  combination  with 
an  SOA’s  reusable 
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components,  that  has  drawn  the  atten¬ 
tion  of  IT  experts  at  Seattle-based 
health  care  provider  Providence 
Health  System.  Recently,  Providence 
was  faced  with  the  task  of  hooking  to¬ 
gether  all  of  its  different  systems  hold¬ 
ing  patient  records,  billing  informa¬ 
tion  and  insurance  data.  And  of 
course,  each  detailed  record  would 
have  to  be  sheltered  so  that  the  wrong 
people  couldn’t  gain  access  to  person¬ 
al  information. 

But  Mike  Reagin,  Providence’s  di¬ 
rector  of  R&D,  has  lots  of  legacy  appli¬ 
cations  to  support  and  integrate.  One 
of  his  biggest  challenges  has  been 
dealing  with  traditional  enterprise 
application  integration  suppliers. 
They’ve  typically  called  the  shots  re¬ 
garding  how  and  when  EAI-based 
transactions  would  occur,  and  Reagin 
has  needed  developers  familiar  with 


Can  your 
network 
think 
for  itself? 


AT&T  APPLICATION  AWARE  NETWORK.  Can  your  network  make  decisions?  Can  it  be  proactive? 
Anticipate  your  needs?  Resolve  its  own  issues?  Defuse  problems  before  they  happen?  AT&T  designs 
user-centered  networks  that  intelligently  monitor  events  across  systems  and  applications,  resulting 
in  faster  diagnosis  and  automatic  restoration.  Which  adds  up  to  less  downtime  for  your  mission 
critical  applications,  and  more  time  for  your  I.T.  department  to  think  about  other  things. 
So.  .  . CAN  YOUR  NETWORK  DO  THIS?  For  a  positive  answer,  just  call  1-888-889-0234. 
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True  network  intelligence 
changes  the  game  for  customers. 
AT&T’s  Application-Aware 
Network  will  be  built  on  a  single, 
global  photonic  infrastructure 
that  automates  and  simplifies 
every  application  by  providing 
built-in  network  intelligence 
that  anticipates  user  needs, 
diagnoses  and  self-heals  to 
keep  the  network  running 
smoothly.  Now  that’s  more 
than  just  simple  -  it’s  smart. 

•  Applications  will  be 
dynamically  deployed  to 
maximize  server  utilization 
and  performance,  improving 
the  customer  experience  and 
reducing  capital  investments. 

•  It  will  anticipate  peak  usage 
with  the  intelligence  to 
handle  spikes  in  demand  by 
automatically  allocating 
anticipated  capacity. 


AT&T’s  forward-thinking 
solutions  stay  one  step  ahead 
of  your  network’s  needs 


AT&T  is  taking  the  intelligence  and  technological  power  of  the  network  and 
centering  it  on  the  user’s  applications.  It  will  be  “application-aware,”  serving 
the  enterprise’s  needs  in  real-time  so  that  every  demand  is  anticipated  and 
met;  every  business  objective  satisfied.  The  enterprise  will  retain  full  control 
over  its  own  applications,  and  can  constantly  monitor  its  performance  to 
assure  things  are  running  as  expected. 

The  Application-Aware  Network  will  have  the  ability  to  deploy  an  application 
to  the  appropriate  server  as  well  as  manage  the  load  balancing  across  multiple 
servers  to  maximize  results.  When  an  application  is  no  longer  needed,  those 
resources  will  be  made  available  to  other  applications.  Reliability  and  business 
continuity  will  be  achieved  by  deploying  applications  across  a  number  of 
servers  and  across  a  number  of  nodes. 

The  network  will  take  advantage  of  new  technologies  to  provide  a  shared, 
standards-based  infrastructure  for  deploying,  integrating  and  operating 
mission-critical  applications.  Customers  will  benefit  from  the  economies  of 
scale  achieved  by  leveraging  a  shared  infrastructure  and  also  benefit  by  only 
paying  for  the  resources  actually  used  -  while  knowing  that  the  capacity  is 
available  to  handle  spikes  in  demand. 


•  It  will  reduce  cost  by 
leveraging  operational 
support  infrastructure  (i.e. 
systems,  people,  etc.). 

•  It  will  provide  hands-free, 
end-to-end  flow  through 
process,  enabling  AT&T  to 
deliver  services  to  customers 
in  real-time,  ultimately,  with 
zero  cycle  time  and  zero 
defects. 


HOSSEIN  ESLAMB0LCH1,  PRESIDENT  OF  AT&T  LABS,  AT&T  CTO  AND 
AT&T  CIO,  IS  DRIVING  THE  CREATION  OF  AT&T’S  APPLICATION-AWARE 
NETWORK,  AND  IS  CONTINUALLY  RECEIVING  HIGH  ACCLAIM  FOR  HIS 
NETWORKING  VISION  OF  THE  FUTURE.  HERE’S  WHAT  A  FEW  OTHERS 
HAVE  TO  SAY... 


•  The  #  1  Mover  and  Shaker  in  the  Telecommunications  Industry  for  his 
vision  of  creating  a  flexible,  multi-service  network  edge  with  the 
capability  for  customers  to  self-provision  services.  LightReading.com 


•  Hossein  was  recognized  by  the  Executive  Council  of  New  York  as  one 
•  Reliability,  security  and  of  the  top  10  innovators  of  2003. 

business  continuity  will  be 
infused  into  every  layer. 


For  more  information,  contact  your  AT&T 
Representative,  or  visit  www.att.com/networking. 
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the  nuts  and  bolts  of  the  legacy  systems. 

“The  situation  made  it  difficult  to 
build  a  patient  portal,”  says  Reagin. 
Now  Providence  is  using  an  SOA  ap¬ 
proach  for  application  integration  from 
Cupertino,  Calif.-based  Infravio  Inc. 
The  development  platform  uses  Web 
services  and  a  library  created  by  devel¬ 
opers  using  Java.  The  developer  cre¬ 
ates  only  what’s  needed  at  a  particular 
time  rather  than  trying  to  connect  an 
entire  system. 

“The  first  time  we  need  access  to 
some  type  of  information,  we  create  a 
call  that  we  can  then  reuse,”  says  Rea¬ 
gin.  Providence  is  able  to  manage  in¬ 
formation  in  discrete  units,  so  a  patient 
record  requested  by  a  doctor  is,  from 
an  IT  perspective,  the  same  as  infor¬ 
mation  about  diabetes  that’s  pushed  to 
someone  whose  patient  record  notes 
his  condition. 

This  approach  is  of  real  benefit.  It 
means  that  lab  results  can  contain  in¬ 
surance  information  that  should  be 
viewable  to  a  billing  department  while 
withholding  health  data  that  should  be 
available  only  to  the  doctor  or  another 
approved  health  worker. 

With  the  SOA  approach,  Provi¬ 
dence  has  been  able  to  build  compo¬ 
nents  designed  to  fetch  just  the  infor¬ 
mation  that’s  needed  by  a  particular 
person,  rather  than  stapling  together 
legacy  systems  that  remain  inflexible. 

O  45043 

DAN  GILLMOR 


Offshoring 
And  Lowered 
Expectations 


O 


NE  OF  THE  BEST 
things  about  living  and 
working  in  Silicon  Val¬ 
ley  is  the  quality  of  the  peo¬ 
ple.  I’m  frequently  the  least- 
knowledgeable  person  in  the 

room,  and  probably  the  stupidest.  I  get 
to  learn  from  the  ultrasmart  and  cre¬ 
ative  folks  I  meet. 

So  why  do  I  have  an  uneasy  feeling 
these  days  about  the  place,  even  as  an 
Economic  recovery  for  the  technology 
industry  starts  to  gather  steam? 

One  factor  abounds  with  irony.  A 
few  years  ago,  I  wondered  if  the  Valley 
was  sowing  the  seeds  of  its  demise  by 
creating  the  communications  and  col- 
aboration  tools  that  would  make  it 
nuch  less  necessary  to  be  there  in  a 


physical  sense.  The  near- 
unanimous  consensus  at  the 
time  among  the  top  people 
in  the  field  was  that  the  Val¬ 
ley  had  nothing  to  worry 
about. 

I  never  entirely  bought 
their  faith,  though  the  Val¬ 
ley  has  repeatedly  shown  an 
ability  to  rebound  to  new 
heights  after  deep  economic 
downturns.  The  recent  evi¬ 
dence,  notably  the  surge  of 
offshoring,  makes  me  ask 
again  —  about  the  Valley 
and  the  entire  nation. 

And  I  wonder  if  something  is  gen¬ 
uinely  different  now. 

Intel  CEO  Craig  Barrett  put  his  fin¬ 
ger  on  it  a  few  weeks  ago  when  he 
stopped  by  my  newspaper  for  a  long 
chat  with  some  reporters  and  editors. 
What’s  new  this  time,  he  told  us  in  a 
persuasive  way,  is  the  nature  of  the 
global  workforce. 

For  the  first  time  in  human  history, 
Barrett  said,  a  truly  gigantic  pool  of 
well-educated,  technically  adept  and 
eager-to-please  labor  is  being  created. 


This  pool  of  talent,  which 
will  include  hundreds  of 
millions  of  people  in  China 
and  India  (many  of  whom 
speak  English  fluently),  has 
another  characteristic:  a 
willingness  to  work  for  a 
fraction  of  what  Americans 
expect. 

This  is  not  because  they 
like  living  poorly.  It’s  be¬ 
cause  local  conditions  and 
currency  exchange  rates 
make  what  would  seem  like 
a  pauper’s  salary  here  a 
highly  attractive  one  there. 

The  U.S.  largely  came  to  grips  with  a 
similar  crisis  in  low-end  manufactur¬ 
ing.  We  moved  up  the  value  chain  as  a 
society,  painful  as  this  was  for  the  less- 
educated,  hardworking  people  who 
lost  middle-class  jobs  and  had  to  settle 
for  lower-paid  service  employment. 

How  high  can  we  move  on  the  value 
chain  now? 

I  travel  widely.  One  thing  I  know  for 
sure  is  that  Silicon  Valley  and  the  U.S. 
have  no  monopoly  on  brains  or  energy. 
We  do  have  an  advantage  in  promoting 


a  culture  of  risk,  of  entrepreneurialism. 
But  other  places  are  beginning  to 
adopt  even  that  value,  too. 

The  spectacle  of  politicians  promot¬ 
ing  trade  wars  in  the  name  of  stem¬ 
ming  job  losses  is  disturbing,  if  under¬ 
standable.  I  wish  they’d  devote  that  en¬ 
ergy  to  telling  the  harder  truth:  that  the 
U.S.  will  need  to  buckle  down  in  un¬ 
precedented  ways,  with  vast  new  in¬ 
vestments  in  education  and  infrastruc¬ 
ture,  plus  a  new  commitment  to  the 
best  aspects  of  entrepreneurialism. 

We  may  be  facing  big  trouble  in  the 
near  term,  no  matter  what  we  do. 

That’s  the  kind  of  news  few  politicians 
dare  deliver. 

Barrett,  running  for  no  office,  offered 
a  hard  truth.  As  he  gave  his  litany  of 
why  conditions  truly  are  different  this 
time,  we  asked  if  this  suggested  a  gen¬ 
eration  of  lowered  expectations  in  the 
U.S.  “It’s  tough  to  come  to  another  con¬ 
clusion  than  that,”  he  replied.  O  45077 
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Savvy  Users  Will  Drive  Linux  Adoption 


Pimm  FOX  is  right  that  IBM's 
Linux  ad  strategy  is  a  good  one 
[“How  Super  Bowl  Ads  Help  Linux," 
QuickLink  44474],  but  he  left  out  an 
important  reason. 

Those  of  us  who  remember  the 
Microsoft  client/server  takeover  of 
IBM's  mainframe-centric  business- 
computer  market  know  that  it  didn't 
come  about  as  a  result  of  corporate 
IT  strategy.  It  came  about  because 
Windows  provided  a  comfortable 
and  easy-to-use  environment  in 
which  groundbreaking  tools  like 
WordPerfect,  Lotus  1-2-3  and 
dBase  could  generate  real  produc¬ 
tivity  improvements  and  cost  sav¬ 
ings,  and  because  the  peer-to-peer 
networking  in  Windows  for  Work¬ 
groups  allowed  end  users  to  work 
quickly  and  cooperatively  with 
shared  data  without  hassling  with 
the  corporate  IT  red-tape  mill.  ITs 
adoption  of  Microsoft  software  and 
the  new  architecture  was  really  dri¬ 
ven  by  survival  instincts. 

The  point  is  that  adoption  was 
driven  from  the  desktop,  not  from 
the  boardroom  or  the  IT  depart¬ 
ment.  That’s  why  it  makes  sense  to 
evangelize  the  masses.  That’s  also 
why  I  think  Red  Hat’s  recent  abdi- 


|  cation  of  the  desktop  to  others  was 
a  stunning  strategic  error.  Linux 
adoption  will  be  heavily  driven  by 
techno-sawy  end  users  who  under¬ 
stand  the  philosophical  and  eco¬ 
nomic  reasons  behind  open-source. 
If  the  desktop  comes  in  a  green  box, 
so  will  the  server  software. 

George  H.  Yeager 
Chief  technology  officer, 
Columbus,  Ohio 


A  Loss  of  Prosperity 

IN  MACROECONOMIC  terms,  for¬ 
eign  outsourcing  is  nothing  more 
than  profiteering  on  the  spread  be¬ 
tween  the  wages  and  benefits  paid 
to  U.S.  workers  and  the  wages  of 
the  most  desperate  and  vulnerable 
people  on  earth  who  can  be  herded 
into  office  buildings  in  Third  World 
economies. 

In  political  terms,  foreign  out¬ 
sourcing  is  the  most  blatant  attack 
on  workers’  rights  and  the  most  se¬ 
vere  threat  to  the  existence  of  the 
middle  class  and  the  Social  Security 
system  in  U.S.  history. 

In  sociological  terms,  foreign 
outsourcing  will  result  in  a  dramatic 
polarization  of  U.S.  society,  divided 


between  the  massive  numbers  who 
will  see  their  livelihoods  ruined  by 
outsourcing  and  the  wealthy  few 
who  will  profit  immensely  from  it. 

Great  men  of  the  past  built  a  so¬ 
ciety  that  is  the  envy  of  the  world 
by  inventing  ways  to  increase  the 
level  of  prosperity  enjoyed  by  all. 
Now  a  cadre  of  intellectual  and 
moral  midgets  has  discovered  how 
to  profit  by  strip-mining  that  hard- 
won  prosperity. 

Pardon  me  and  a  few  others  if 
we  don't  celebrate  their  little  discov¬ 
ery  or  if  we  regard  these  business 
experts  as  cynical,  shortsighted, 
self-serving  fools. 

John  S.  Powers 
Software  engineer,  General 
Dynamics  Corp.,  Fairfax,  Va. 


Political  Shuffling 

David  moschella  describes 
Sen.  John  Kerry's  condemna¬ 
tion  of  job  outsourcing  as  mere  “po¬ 
litical  rhetoric”  [“Political  Rhetoric 
Has  Run  Amok,"  QuickLink  44718], 
How  would  he  describe  the  state¬ 
ment  by  Greg  Mankiw,  chairman  of 
the  White  House  Council  of  Eco¬ 
nomic  Advisors,  that  this  practice  is 
good  for  America?  Kerry  may  mere¬ 
ly  be  making  campaign  promises, 


but  thousands  of  laid-off  workers 
can  hardly  find  comfort  in  insensi¬ 
tive  statements  from  the  White 
House.  Moschella  seems  to  ignore 
that  cruel  statement  by  the  govern¬ 
ment,  while  he  criticizes  Kerry  for 
defending  American  workers. 
Bassey  Essien 

Systems  administrator,  Atlanta 

SO  SEN.  KERRY  criticizes  loop¬ 
holes  that  let  “some  Benedict 
Arnold  CEO"  send  jobs  overseas. 
Well,  who  put  those  loopholes  into 
the  law?  I  suspect  it  was  the  U.S. 
Congress,  in  passing  more  special- 
interest  legislation. 

Charles  J.  Lingo 
Denham  Springs,  La. 

COMPUTERWORLD  welcomes 
comments  from  its  readers.  Letters 
will  be  edited  for  brevity  and  clarity. 
They  should  be  addressed  to  Jamie 
Eckle,  letters  editor,  Computerworld, 
PO  Box  9171, 500  Old  Connecticut 
Path,  Framingham,  Mass.  01701. 
Fax:(508)879-4843. 

E-mail:  letters@computerworld.com. 
Include  an  address  and  phone  num¬ 
ber  for  immediate  verification. 

OFor  more  letters  on  these  and 
other  topics,  go  to 

www.computerworld.com/letters 
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Visual  Studio 


Visual  Studio.NET  2003  can  cut  development  time 
by  two-thirds,  giving  you  more  time  to  think. 

Got  a  big  idea?  Visual  Studio®  .NET  2003  delivers  higher 
productivity,  helping  you  turn  that  big  idea  into  reality 
faster  than  you  ever  thought  possible.  Want  proof? 
Visual  Studio  .NET  enabled  Xerox  Global  Services  to 
bring  the  v2.0  release  of  its  CentreWare  Web  software 
to  market  in  one-third  the  time  compared  to  their 
previous  development  platform.  To  find  out  how  Visual 
Studio  .NET  2003  can  help  you  quickly  turn  your  big 
ideas  into  reality,  visit  msdn.microsoft.com/visual/think 


Q&A 

A  Host’s  Preparations 

The  CEO  of  the  largest  Web  hosting  outfit 
in  Europe  tells  Computer-world  what  tech¬ 
nology  his  company  uses  to  serve  its  cus¬ 
tomers  and  what  he  thinks  a  Web  hosting 
company  can  do  for  businesses.  Page  30 


FUTURE  WATCH 

Putting  the  New  in  News 

In  the  future,  news  delivery  will 
involve  interactive  multimedia 
presentations  featuring  content 
tailored  to  the  tastes  of  individual 
readers.  Page  34 
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SECURITY  MANAGER’S  JOURNAL 

This  is  Your  Attacker  Calling 

Hacker  attacks  on  computer  net¬ 
works  get  all  the  attention,  but 
Vince  Tuesday  finds  that  social 
engineering  ploys  by  phone  are 
a  more  difficult  challenge.  Page  38 


HUMANA  IS  DEVELOPING  ADVANCED 
ANALYTICAL  MODELS  TO  HELP 
CONTROL  COSTS,  IMPROVE  SERVICE 
AND  IDENTIFY  BUSINESS  OPPORTU¬ 
NITIES.  BY  GARY  H.  ANTHES 


Humana  inc.  says  it’s  leading 
the  health  benefits  industry 
into  a  new  world  in  which  the 
focus  will  shift  from  employ¬ 
ers,  doctors  and  hospitals,  where  it  has 
been  for  decades,  to  consumers.  The 
company  says  it  can  better  serve  its  mem¬ 
bers  by  giving  them  greater  choice  and 
greater  control  over  their  health  and 
health  benefits. 

But  giving  consumers  choices  — 
and  pricing  those  choices  optimally  — 
requires  analytic  tools  of  unprecedented 
sophistication  to  make  sense  of  terabytes 
of  health  care  data.  Humana  is  developing 
such  tools  and  eventually  hopes  to  patent 
them.  Its  tools  use  algorithms  developed 
jointly  by  epidemiologists,  engineers, 
economists,  mathematicians  and  —  liter¬ 
ally  —  rocket  scientists. 

If  consumers  are  at  the  top  of  Hu¬ 
mana’s  strategy  pyramid  and  analytic 
models  are  in  the  middle,  then  computer 
technology  forms  the  base.  The  $13  bil¬ 
lion,  Louisville,  Ky. -based  company  has 
put  together  an  IT  infrastructure  that 
serves  up  data  to  analytic  modelers  and 
recycles  the  results  of  those  models  back 
into  a  3.5TB  data  warehouse.  The  data 
store  supports  a  vast  array  of  users,  in¬ 
cluding  claims  processing  and  billing  per¬ 
sonnel;  patients’  employers,  doctors  and 
hospitals;  the  rocket  scientists;  personal 
nurses  working  from  home;  and  Hu¬ 
mana’s  6.8  million  consumers  of  medical 
insurance  and  medical  care. 

“The  purpose  of  the  industry  in  the 
past  was  generally  unlinked  to  the  end 


REPORT 


riri  n  OBJECTjv:  To  mine 

IkLU  and  model  terabytes  of 

data  for  insights  that 
boost  income,  reduce 
costs  and  improve  the  health  of  Humana's 
members. 

challenges.-  Traditional  statistical 
models  are  inadequate;  data  floods  from 
heterogeneous  legacy  systems  must  be 
scrubbed  and  merged. 

payoff  Predictive  model  gives  at-risk 
members  heads-up  on  looming  illnesses. 


user,”  says  Dr.  Jack  Lord,  a  physician  and 
Humana’s  chief  innovation  officer.  “It 
tended  to  focus  on  itself,  and  on  employ¬ 
ers  acting  in  sort  of  a  benefactor  role  to 
employees.  The  result  was  a  consumer 
and  public  push-back.” 

It  was  a  simpler  world  then,  Lord  says, 
one  in  which  health  insurance  companies 
managed  costs  by  “supply-side  interven¬ 
tions”  with  employers,  doctors  and  hospi¬ 
tals.  Traditional  actuarial  tools  were  quite 
adequate.  “You’d  say,  ‘I’m  going  to  forecast 
tomorrow’s  weather  based  on  yesterday’s.’ 
It  was  always  a  historic  look,”  he  says.  “If 
you  live  in  that  space,  you  never  want  to 
move;  but  if  you  stand  still,  you  can  never 
influence  the  net  cost  of  health  care.” 

Now  the  name  of  the  game  is  “choose 
and  use,”  says  Carol  McCall,  director  of 
the  Center  for  Health  Metrics  in  Hu¬ 
mana’s  Innovation  Center.  Humana  has 
models  to  formulate  and  price  health  in¬ 
surance  plans.  These  predict  who  will 
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Humana's  insight  engines  apply  ana¬ 
lytic  models  to  3.5TB  of  customer, 
claims  and  other  data  to  identify  mar¬ 
kets,  enhance  products  and  predict 
costs.  The  following  are  the  four  en¬ 
gines  Humana  has  completed,  plus  a 
fifth,  SimHealth,  that’s  in  development. 

SmartStart  Plus 

GOAL:  Predict  the  consumer’s 
choice  of  benefit  plan;  explore  bene¬ 
fit/contribution  strategies. 

APPROACH:  Models  consumers 
as  “rational  agents”  that  evaluate 
plans  and  trade  off  costs,  benefits  and 
risks  to  pick  the  best  plan. 


Predictive  Modeling 

GOAL:  Predict  future  high-cost 
(illness-prone)  members;  improve 
customer  relations. 

APPROACH:  Combines  medical 
knowledge,  engineering  methods 
(asynchronous  signal  processing, 
nonlinear  dynamic  time  series)  and 
computer  science  (learning  algo¬ 
rithms,  advanced  visualization) 

(■L  ■p'""'! 

Impact  Tool 

GOAL:  Evaluate  effectiveness  of 
programs;  analyze  consumer  behavior. 

APPROACH:  Creates  control 
and  test  groups  on  the  fly  for  dynamic 
analysis  of  clinical  and  financial 
results. 


Insight  Tool 

GOAL:  Enhance  pricing  and  under¬ 
writing  competitiveness;  early  detec¬ 
tion  of  trends. 

APPROACH:  Uses  historical  data 
and  predictions  of  individuals’  future 
health  to  identify  patterns  and  drivers 
of  health  care  costs,  including  early 
trend  and  anomaly  detection  at  the 
employer,  market  and  provider  levels. 

SimHealth 

GOAL:  Simulate  consumer  choice 

and  behavior  via  self-evolving  models. 

- - - 
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APPROACH:  In  development 

now,  SimHealih  uses  “rules  of  the 
m  game’  (weighted  consumer  objec¬ 
tives)  to  evaluate  afferent  benefits- 
plan/consumer  scenarios.  Evolves  us¬ 
ing  the  results  o'  other  models,  genetic 
algorithms  and  agent-based  modeling. 


Data  from  claims 
processing  and  other 
systems  goes  through,  an 
extract,  transform  and  load 
process  and  passes  on  to 
the  operational  data  store 
(ODS)  and  enterprise  data 
warehouse  (EDW). 


Dataflows 
from  the 

EDW  to  the  model¬ 
ers  in  the  Center  for 
Health  Metrics. 
Model  results 
go  back  to  the 
EDW  for  input  to 
other  models,  and 
to  the  ODS,  where 
users  can  access 
it  over  a  Web  link. 


choose  a  given  program,  how  they  will 
use  it  and  what  it  will  cost  the  compa¬ 
ny.  Humana  even  has  a  model  that  pre¬ 
dicts  who  will  become  catastrophically 
ill  so  it  can  intervene  and  try  to  head 
off  those  illnesses.  Although  Humana 
has  not  yet  published  the  results,  it 
says  the  new  model  has  already  shown 
costs  savings  for  the  company  while 
saving  money  and  improving  health 
for  the  at-risk  members. 

This  year,  Humana  plans  to  develop 
an  iibermodel,  which  draws  on  these 
predictive  and  analytic  tools,  that 
could  send  the  company  in  directions 
it  can’t  at  present  anticipate.  For  exam¬ 
ple,  the  iibermodel  could  discover  a 
major  customer  grouping  that  has 
been  overlooked. 

The  models  do  more  than  simply  ex¬ 
trapolate  from  the  past  using  classical 
statistical  methods  such  as  regression, 
according  to  McCall.  “There  need  to 
be  new  disciplines  around  predictive 
and  behavior  sciences,”  she  says.  In¬ 
deed,  McCall’s  group  is  using  com¬ 
plexity  theory,  agent-based  modeling, 
genetic  programming  and  other  “new 
science”  esoterica.  It  also  uses  Markov 
models,  Bayesian  learning  networks 
and  pattern  recognition  techniques 
borrowed  from  military  and  space  pro¬ 
grams,  in  which  torrents  of  data  are 
sluiced  for  tiny  nuggets  of  information 
that  may  be  good  predictors. 

McCall’s  group  has  developed  four 
predictive  and  analytical  models  that  it 
calls  insight  engines.  This  year,  it’s 
working  on  a  fifth  model,  called  Sim¬ 
Health,  that  will  combine  results  from 
the  other  models.  Rather  than  making 
static  predictions,  SimHealth  will  pro¬ 
duce  scenarios  that  evolve  during  the 
simulation. 

“It’s  one  of  those  things  where  no¬ 
body  knows  the  answer,  but  they’ll 
know  it  when  they  see  it,”  McCall  says. 
“So  you  want  to  use  what’s  called  inter¬ 
active  evolution.  You  have  a  model  — 
it’s  like  SimCity  —  and  you  run  scenar¬ 
ios.  You  say,  ‘I  like  that  scenario,’  and 
you  press  the  big  button  and  evolve  it.” 

Common  Vision 

Bruce  J.  Goodman,  senior  vice  presi¬ 
dent  and  chief  service  and  information 
officer,  says  one  of  the  challenges  he 
faced  when  he  came  to  Humana  five 
years  ago  was  figuring  out  how  to  pull 
together  information  from  many  differ¬ 
ent  stovepipe  systems,  integrate  it  and 
position  it  for  use  by  a  number  of  con¬ 
stituencies.  “We  had  multiple  claims 
systems  and  multiple  administrative 
systems,  so  one  of  the  challenges  was, 
how  do  you  provide  a  single  view  for 
each  of  the  stakeholders?”  he  says. 


The  answer  was  two  huge,  integrat¬ 
ed  data  stores,  one  to  feed  a  Web  por¬ 
tal  and  one  for  the  modeling  communi¬ 
ty.  An  elaborate  extract,  transform  and 
load  (ETL)  process  developed  to  feed 
the  data  repositories.  “We  decided 
which  data  elements  we  needed  for  the 
[data  stores]  and  pulled  those  systems 
together  so  we  could  promote  the 
common  view,  even  though  we  have 
disparate  systems  under  the  covers,” 
Goodman  says.  “We  were  able  to  make 
transparent  the  true  underlying  com¬ 
plexity  of  our  systems  environment.” 

The  operational  data  store  (ODS), 
an  e-business  data  mart,  drives  Hu¬ 
mana’s  Web  site,  a  single  portal  with 
separate,  secure  entrances  for  mem¬ 
bers,  corporate  customers,  providers, 
agents,  business  partners  and  employ¬ 
ees.  The  MVS-based  ODS  holds  24 
months  of  data  —  1.8TB  or  180  million 
DB2  database  rows  —  about  providers, 
employers,  members  and  their  medical 
and  pharmacy  claims. 

While  the  ODS  is  just  for  Web  users, 
the  real  information  engine  at  Humana 
is  the  AIX-  and  Oracle-based  enter¬ 
prise  data  warehouse  (EDW),  “a  com¬ 
plete  set  of  data  assets  used  to  run  the 
business,”  according  to  Bruce  Sterpka, 
a  vice  president  for  corporate  informa¬ 
tion  management  at  Humana.  The 
EDW  holds  some  3.5TB  of  data,  and 
the  largest  of  its  432  tables,  the  table  of 
medical  claims,  has  430  million  rows. 

The  central  IT  function  at  Humana 
is  claims  processing,  where  members 
seek  reimbursement  for  millions  of 
medical  and  pharmacy  outlays  each 
month.  Claims  byproducts,  which 
the  IT  people  and  modelers  call  data 
“exhaust,”  include  diagnostic  codes, 
severity  codes  and  other  information 
that  the  modelers  extract  and  use  to 
predict  illnesses,  benefits-plan  usage, 


costs  and  other  variables. 

A  Cobol  job  periodically  extracts  the 
exhaust  data  from  the  EDW  for  the 
modelers  in  Humana’s  Center  for 
Health  Metrics.  The  models  run  on 
two  four-processor  Windows  2000 
Server  machines  in  the  center.  Results 
are  stored  on  the  modelers’  own  net¬ 
work-attached  storage  system  before 
being  sent  back,  via  file  transfer  proto¬ 
col,  to  the  EDW  for  recycling  into  other 
models  and  to  the  ODS  for  Web  access. 

Modelers  code  and  test  their  models 
using  custom  C  and  C++  code  and  the 
MATLAB  development  tools  from  The 
Math  Works  Inc.  in  Natick,  Mass.  The 
models  then  go  to  IT.  “Our  key  step  is 
to  take  what  they’ve  developed  and  in¬ 
dustrialize  it,  to  make  it  bulletproof 
and  scale  it  so  we  can  run  large 
amounts  of  claims  information 
through  it,”  Goodman  says. 

IT  will  rewrite  the  models  in  Java  for 
production  runs,  says  Ramu  Kannan,  a 
director  in  corporate  information  man¬ 
agement.  That  will  make  them  more 
modular  and  will  also  make  them  capa¬ 
ble  of  providing  real-time  visualization 
of  model  output  on  the  Web,  he  says. 

IT  has  invested  $1  million  on  the 
modeling  work  so  far  and  has  eight  to 
10  people  supporting  it  full  time,  Good¬ 
man  says.  “IT  is  so  well  aligned  with 
the  business,”  he  says.  “We  anticipated 
what  we  had  to  do  to  make  the  data  ac¬ 
cessible  ...  to  enable  the  business  to 
really  take  advantage  of  the  technology 
and  move  forward.”  ©  44722 


OVERWHELMING  ETL 

When  commercial  ETL  tools  couldn't  scale  to 
Humana’s  needs,  the  company  built  its  own: 

QuickLink  44719 

Healing  the  Healthy:  Predictive  modeling  helps 
Humana  treat  customers  before  they  get  sick: 

QuickLink  44720 
www.computerworld.com 


CAN  YOUR  SOFTWARE  TELL  YOU  WHICH  ONE? 


Business  Service  Management  solutions  from 
BMC  Software®  can.  In  fact,  they  let  you  predict 
critical  performance  problems  and  resolve  them 
before  they  ever  impact  your  business.  And  you 
can  prioritize  IT  management,  investments  and 
resource  allocations  to  optimize  your  business 
performance.  So  you  can  solidly  align  your  IT 
investments  with  strategic  business  goals. 


And  protect  the  delivery  of  vital  business  services 
like  sales,  customer  service,  online  transactions, 
logistics  and  distribution — whatever  is  most 
critical  to  your  company's  success.  It's  enterprise 
management  software  that  works  with  your  existing 
IT  resources  to  let  you  manage  what  matters  from 
a  business  perspective  and  execute  with  precision. 
Find  out  how  at  www.bmc.com/bsm28 


©  2003  BMC  Software  Inc, 
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Visil  www.ibm.com/pc/salecompuling  periodically  lor  the  latest  information  on  sate  and  effective  computing.  Warranty  Information:  For  a  copy  of  applicable  product  warranties,  write  to:  Warranty  Information,  P.O.  Box  12195,  RIP,  NC 
27709,  Attn:  Dept.  JDJA/B203.  IBM  makes  no  representation  or  warranty  regarding  third-party  products  or  services.  All  offers  subject  to  availability.  IBM  reserves  the  right  to  alter  product  offerings  and  specifications  at  any  time,  without  notice. 
IBM  is  not  responsible  for  photographic  or  typographic  errors.  ‘Prices  do  not  include  tax  or  shipping  and  are  subject  to  change  without  notice.  Reseller  prices  may  vary.  'Mobile  Intel  Pentium  processors  feature  Intel  SpeedStep®  technology. 
With  Intel  SpeedStep,  processor  speed  may  be  reduced  to  conserve  battery  power.  !11a,  11b  and  1 1  g  wireless  are  based  on  IEEE  802.11a,  802.11b  and  802.1 1  g,  respectively.  An  adapter  with  lla/b  or  lla/b/g  can  communicate  on  either  or 
any  of  these  listed  formats  respectively;  the  actual  connection  will  be  based  on  the  access  point  to  which  it  connects.  3Some  software  may  differ  from  its  retail  version  (if  available)  and  may  not  include  user  manuals  or  all  program  functionality. 
Software  license  agreements  may  apply.  *For  hard  drive,  GB  =  billion  bytes.  Accessible  capacity  is  less;  up  to  4GB  is  in  service  partition.  ‘Includes  battery  and  optional  travel  bezel  instead  of  standard  optical  drive  in  Ultrabay  bay,  if  applicable; 
weight  may  vary  due  to  vendor  components,  manufacturing  process  and  options.  Thinness  may  vary  at  certain  points  on  the  system.  ‘Support  unrelated  to  a  warranty  issue  may  be  subject  to  additional  charges.  These  services  are  available 
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IBM  recommends  Microsoft® 
Windows®  XP  Professional 


for  Business. 


IBM  ThinkPad  R40 


Distinctive  IBM  Innovations: 

•  Access  Connections  -  Easiest  wired 

and  wireless  connectivity  :  .  , 

•  IBM  Embedded  Security  Subsystem  2.0"- 
Strongest  security  as  a  standard  feature 

System  Features: 

•  Intel1  Centrino"1  mobile  technology 

•  Intel  Pentium1'  M  processor  1  46GHa 

*  Intel  PROAWireless  Network  Connection 

•  Microsoft  Windows  XP  Home  Edition5 
•15'  XGA  TFT  display  (1024x768) 

•128MB  DDR  SDRAM' 

•  20GB‘  hard  drive 

•  Ultrabay  Plus  CD-ROM 

•  IBM  Ultra!\lav  v  -  TrackPoint  and  touch  pad 

•  1-yr  system/battery  limited  warranty* 


$1,199* . 


NavCode  27228FU-M133 


ServicePac  Service  Upgrade: 

3-yr  Depot  Repair  #3019192  !132 


IBM  ThinkPad  T41 


Distinctive  IBM  Innovations: 

•  Access  Connections  -  Easiest  wired 
and  wireless  connectivity 

•  IBM  Embedded  Security  Subsystem  2.0  - 
Strongest  security  as  a  standard  feature 

System  Features: 

•  Intel  Centrino  mobile  technology 
•  Intel  Pentium  M  processor  1.40GH2 


Intel  PROiWireless  Network  Connection  802.11b  „  :  '  :  i.; 


•  Microsoft  Windows  XP  Professional 


•  14.1"  XGA  TFT  Display  (1024x768) 

•  256MB  DDR  SDRAM5 

•  40GB  hard  drive  with  NEW! 

IBM  Active  Protection  System 

•  Ultrabay  Slim  CD-RW/DVD-ROM  combo 

•  Only  r  thin*  •  4.5-lb  travel  weight5 

•  1-yr  system/battery  limited  warranty* 
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$1,699' 


ServicePac'  Service  Upgrade: 

3-yr  Onsite  Repa'ir/9x5/Next  Business 
Day  Response  #30L9195  s243 
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With  the  easiest  way  to  go  from  wired  to  wireless  networks, 
exploring  new  territory  can  be  a  walk  in  the  park. 

Wherever  you  want  to  work,  the  sky  is  the  limit  when  you  have  IBM  ThinkPad® 
notebooks  with  Access  Connections  software  and  wireless  Intel®  Centrino™  mobile 
technology  (on  select  models).  Now  it’s  easier  than  ever  to  switch  between  wired  and 
wireless  networks  —  whether  you’re  at  an  airport,  the  office,  an  Internet  cafe,  even 
your  kitchen.10  So  consider  the  IBM  ThinkPad  wireless  notebook,  and  experience  a 
whole  new  level  of  wireless  possibilities,  think  ffGGClOm 

t  866  426-8176  I  ibm.com/shop/m133 

Save  on  shipping.  Order  online? 


for  machines  normally  used  for  business,  professional  or  trade  purposes,  rather  than  personal,  family  or  household  purposes.  Service  period  begins  with  the  equipment  date  of  purchase.  If  the  machine  problem  turns  out  to  be  a  Customer 
Replaceable  Unit  (CRU),  IBM  will  express  ship  the  part  to  you  for  quick  replacement.  Onsite  24x7x2-hour  service  is  not  available  in  all  locations.  For  ThinkPad  notebooks  requiring  LCD  or  other  component  replacement,  IBM  may  choose  to 
perform  service  at  the  depot  repair  center.  ‘For  PCs  without  a  separate  video  card,  memory  supports  both  system  and  video.  Accessible  system  memory  is  up  to  64MB  less  than  the  amount  stated,  depending  on  video  mode.  ’Standard  shipping 
included  when  you  order  online.  U.S.  only.  “Public  wireless  access  limited.  Subscription  may  be  required  and  fees  may  apply.  "Requires  download  of  client  software.  IBM,  ThinkPad  and  ThinkCentre  are  trademarks  or  registered  trademarks  of 
IBM  Corporation  in  the  U.S.  and  other  countries.  Microsoft  and  Windows  are  trademarks  or  registered  trademarks  of  Microsoft  Corporation.  Intel,  Intel  Inside,  the  Intel  Inside  logo,  Intel  Centrino,  the  Intel  Centrino  logo,  Intel  Pentium,  Intel 
Celeron  and  Intel  SpeedStep  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks  of  others. 
©  2004  IBM  Corp.  All  rights  reserved. 
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Europe’s  largest  Web  hosting  company 

rests  its  business  on  a  solid  technology  base. 


Already  the  biggest  Web  hosting  compa¬ 
ny  in  Europe,  l&l  Internet  Ltd.,  is  mak¬ 
ing  a  move  into  the  U.S.  market.  The 
first  step  was  an  audacious  program 
launched  in  October  that  offered  18d’s 
hosting  service  free  to  those  who  signed 
up  within  a  limited  time.  The  tactic 
worked  in  that  it  garnered  the  company 
150,000  new  customers,  but  it  seriously 
strained  l&l’s  support  resources,  accord¬ 
ing  to  CEO  Andreas  Gauger. 

Offering  the  Karlsruhe,  Ger-  life 
many,  company’s  products  at  an  I  II 
attractive  price  and  establishing 
its  brand  are  Gauger’s  current 
priorities,  and  he  says  those  efforts  must 
rest  on  rock-solid  technology.  The  com¬ 
pany  operates  four  European  data  cen¬ 
ters  with  about  22,000  high-end  servers 
running  on  a  Juniper/Cisco  network 
backbone.  With  a  temporary  data  center 
New  York,  l&l  is  building  its  first  U.S. 
facility  this  year. 

In  a  conversation  with  Computer- 
world’s  Tommy  Peterson,  Gauger  ex¬ 
plains  the  technology  necessary  to  pro¬ 
vide  99.9%  uptime  to  millions  of  cus¬ 
tomers  and  what  he  thinks  a  Web  host¬ 
ing  company  can  do  for  businesses. 

How  many  customers  do  you  have  world¬ 
wide?  About  2.8  million  for  all  prod¬ 
ucts.  About  half  of  those  are  Web  host¬ 
ing  customers  —  that’s  not  exact. 

That’s  a  lot  of  customers  to  serve.  What  kind 
of  technology  do  you  run?  Everything 
from  electricity  to  fire  protection  are 
completely  automated  processes. 
Everything  is  state-of-the-art  and  very 
redundant.  Even  our  cooling  systems 
are  completely  redundant.  For  the  U.S. 
customers,  we’re  collocated  in  a  U.S. 
data  center  that’s  pretty  good  too.  But 
we  will  build  or  buy  our  own  data  cen¬ 
ter  in  the  U.S.  this  year. 

We  have  about  20,000  servers  run¬ 
ning  right  now  in  our  data  centers.  We 
have  two  parts  of  the  technology.  One 


part  is  the  Linux-based  technology,  and 
the  other  is  Microsoft-based  products 
serving  the  Microsoft  base. 

We  have  about  95%  of  our  products 
based  on  our  Linux  technology.  We 
have  completely  rewritten  everything 
in  Linux  so  it  suits  our  needs  as  a  mass 
hosting  company  with  thousands  of 
servers. 

In  eight  years,  we  have  developed  a 
base  of  Linux  operating  systems, 
with  file  systems,  with  process 
scheduler  —  anything  that  will 
make  one  thing  happen,  give  us 
a  very  stable,  cost-effective  sys¬ 
tem.  We  use  only  standard  PC  hard¬ 
ware.  We  don’t  have  one  big  machine 
for  anything  —  just  collections  of  PCs, 
thousands  of  them.  On  top  of  that,  our 
own  Linux  distribution  is  running  that 
is  optimized  for  massive  parallel  host¬ 
ing.  On  the  Microsoft  side,  we  use  the 
newest  version  of  Server  2003,  and 
then  we  have  some  additional  adjust¬ 
ments  and  some  software  we  use  to 


ANDREAS  GAUGER 


Company:  l&l  In¬ 
ternet  Ltd.,  a  sub¬ 
sidiary  of  United 
Internet  AG 


Accomplishments:  “Born  to  be  an 
entrepreneur,”  Gauger  started  his 
first  company  in  high  school.  He 
skipped  college  because,  he  says, 
“it  takes  too  much  time.”  After 
starting  several  other  companies, 
Gauger  has  taken  l&l  to  the  top  of 
the  European  Web  hosting  market 
and  is  leading  the  company’s  cam¬ 
paign  into  the  U.S. 


make  hardware  run  better  —  but  you 
know  you  cannot  change  too  much 
about  Windows.  Then  we  have  host 
Exchange  clusters,  SQL  Server  clusters. 

To  be  able  to  offer  what  we  do  at  a 
low  price,  you  have  to  have  systems 
that  run  —  everything  very  profession¬ 
al,  everything  administered  24/7. 

So  technology  is  something  you  view  as  key 
for  the  company?  It’s  two  things.  One 
thing  is  the  technology  from  the  per¬ 
spective  that  it  should  be  rock-solid. 
Price  is  always  an  issue  with  us  —  if 
you  want  to  conquer  mass  markets, 
you  have  to  have  low  price.  On  the  oth¬ 
er  side,  we  are  also  very  innovative,  so 
the  features  we  include  in  our  Web 
hosting  product  in  that  broad  range,  I 
have  never  seen  anything  like  them 
from  a  competitor  in  the  U.S.  We  offer 
a  very  sophisticated  Web  statistic  tool 
. . .  [and]  for  the  price  point,  there’s  no 
other  offering  like  that. 

So  for  the  technology  you  run  on,  you’re 
looking  for  dependability  and  capacity,  but 
for  the  products  and  services  you  offer  to 
the  customer,  you’re  getting  your  edge  with 
innovation?  The  cost  of  our  hardware 
is  very  important  to  us.  We  don’t  buy 
big  Sun  machines,  we  don’t  buy  Net- 
Apps  filers  They  are  far  too  expensive. 
And  90%  of  the  software  we  use  is  de¬ 
veloped  in  our  shop;  it’s  very  cost- 
effective. 

What  products  and  services  are  you  offering 
now?  We  are  offering  a  complete  range 
of  personal  Web  hosting  products,  in¬ 
cluding  domain  registration  and  e-mail 
options  for  very  low  money.  And  then 
complete  Web  hosting  plans  with  very 
aggressive  pricing,  up  to  dedicated 
servers  and  e-commerce  shopping  sys¬ 
tems  —  you  can  buy  everything  you 
need  as  a  small  company  to  open  a 
business  on  the  Internet.  Medium-size 
companies  can  use  our  packages,  our 
dedicated  servers,  for  example,  to  save 
money  and  have  very  good  service. 

Are  you  giving  companies  CRM  tools  as  well 
or  hosting  their  entire  CRM  operations?  Not 

yet.  So  far  only  the  shopping  cart  and 
the  catalog  [are]  on  the  Internet. 

So  it’s  basically  order  and  order  fulfillment. 
Are  you  going  to  be  offering  CRM  in  the  fu¬ 
ture?  I  don’t  think  it  will  come  in  the 
next  month;  maybe  next  year.  We  are 
offering  some  parts  of  it  right  now 
where,  for  example,  we  have  a  new  set 
of  tools  through  which  you  can  send  a 
newsletter  to  all  your  customers.  And 
we  have  tools  where  you  can  talk  to 
customers  that  are  on  your  Web  site. 


But  a  completely  integrated  solution, 
that  we  don’t  have  right  now. 

What  can  you  do  for  large  companies? 

Right  now,  if  they  have  any  small  proj¬ 
ects,  they  can  do  them  with  us  for  al¬ 
most  no  cost.  If  you  want  to  try  out  a 
new  idea  about  a  Web  page  or  any¬ 
thing,  you  can  get  it  from  l&l,  and  it’s 
very  good  quality. 

But  the  other  side  is  that  we  are  of¬ 
fering  dedicated  servers  for  very  low 
prices.  If  a  big  company  is  deciding, 
“Oh,  should  we  host  all  the  servers  in 
our  office  and  drive  our  own  data  cen¬ 
ter  or  just  buy  10  or  50  servers  some¬ 
where  else?”  we  are  a  very  cost-effec¬ 
tive  way  to  get  storage  space,  servers 
and  security.  If  you  are  a  software  com¬ 
pany,  you  need  to  have  some  service 
for  downloads  of  software  over  the 
Internet.  You  might  not  be  very  cost- 
effective  doing  it  on  your  own. 

So  you  become  a  low-cost  testbed  for  com¬ 
panies?  If  you  ask  me  what  we  can  do 
for  big  companies,  there’s  always  the 
need  for  testing  —  get  something  run¬ 
ning  and  see  how  it  works  and  then 
maybe  stay  with  us  because  it’s  going  to 
run  faster  with  us.  On  the  other  side,  if 
you  need  amounts  of  servers  or  band¬ 
width  or  domains,  what  we  do  is  so 
much  less  expensive  than  what  other 
providers  can  offer.  Even  if  you’re  able 
to  maintain  these  services  yourself,  it 
might  be  better  to  host  them  than  to 
keep  them  in  your  own  data  center. 

How  do  you  handle  support  issues?  On  one 

side,  we  have  FAQs  on  the  Net,  or  if 
you  write  us  an  e-mail,  you  also  have 
to  go  through  the  FAQ.  That’s  how  far 
our  automation  goes  so  far.  But  if  you 
send  an  e-mail  or  if  you  call  us,  there 
are  always  support  staff  ready  to  an¬ 
swer  your  e-mail  or  your  phone  call. 
They  should  always  be  reachable  24/7. 

After  our  promotional  free  offer,  we 
were  a  little  short  [on  service  repre¬ 
sentatives],  but  we  are  digesting  that 
right  now.  On  the  last  day  of  the  offer, 
we  had  16,000  up-signs,  so  that  was  not 
easy  to  handle  on  the  support  side.  We 
have  15  people  in  the  U.S.  who  do  sup¬ 
port  already.  In  Germany  and  the  U.K., 
we  have  300  to  400  overall. 


Are  there  legal  and  regulatory  issues  that 
you  have  to  deal  with?  Not  at  all.  There 
are  no  rules  for  Web  hosting.  ©  44974 
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Take  control  of  your  Internet  security. 


Introducing  Proventia™  Enterprise  Protection  Products.  Just  because  Internet  threats  are 
complex,  doesn't  mean  your  security  has  to  be.  Finally,  a  single,  unified  protection  appliance 
that  protects  more  with  less,  eliminating  the  cost  and  chaos  of  multiple  stand-alone  security 
products.  Proventia™  centrally-managed  products  range  from  detection  up  to  completely 
unified  and  proactive  multi-function  protection  appliances,  combining  firewall,  intrusion 
prevention  and  anti-virus  technologies.  Take  control  of  your  enterprise  security.  Switch  to 
Internet  Security  Systems  today.  800-776-2362.  www.iss.net/takecontrol. 
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Dor  overweight 
database  was 
months  away  from 
crashing  due  to 
exceeding  our 
production  disk- 
space  capacity. 


LARRY  CUDA,  GLOBAL  DATA  ARCHIVING 
AND  MIGRATION  PROJECT  LEADER, 
KENNAMETALINC. 


Best  practices  in  database  archiving 
help  maintain  healthy  disk-space 
capacity  and  prevent  performance 
problems.  By  Drew  Robb 


Like  waistlines,  databases 
almost  always  grow  much 
larger  than  their  owners 
ever  imagined.  Instead  of 
too  many  carbs,  it’s  a  reg¬ 
ular  diet  of  stodgy  and 
unnecessary  transactional  information 
that  leads  to  database  obesity.  Serious 
health  problems  can  result,  such  as  dis¬ 
appearing  disk  space,  poor  performance 
and  screaming  users  upset  about  slow 
access  rates  or  queries  timing  out. 


“Our  overweight  database  was 
months  away  from  crashing  due  to  ex¬ 
ceeding  our  production  disk-space  ca¬ 
pacity,”  says  Larry  Cuda,  global  data 
archiving  and  migration  project  leader 
at  Kennametal  Inc.  in  Latrobe,  Pa. 
“Management  determined  that  we 
could  no  longer  just  keep  throwing 
more  disks  at  the  problem.” 

His  SAP  database  was  swelling  at  a 
rate  of  27GB  per  month  until  Kenna¬ 
metal  pared  it  down  using  eCONtext 


from  Ixos  Software  AG  in  Grasbrunn, 
Germany.  Transactions  that  used  to 
take  six  seconds  now  take  one,  and  the 
company  saves  an  estimated  $700,000 
annually  in  terms  of  hardware  acquisi¬ 
tion  costs  alone,  according  to  Cuda. 
The  database  maintains  a  trim  2TB  fig¬ 
ure,  with  another  terabyte  residing  in 
rapid-access  archives.  The  company 
has  an  HP-UX  64-bit  environment  for 
its  SAP  ERP  applications  as  well  as  its 
Oracle  8.1  database. 

With  so  many  competing  production 
demands  and  differing  U.S.  and  inter¬ 
national  data  retention  regulations  to 
consider,  archiving  database  informa¬ 
tion  is  never  a  quick  fix.  Companies 
must  decide  what  they  should  archive, 
how  they  should  go  about  it,  which 
tools  are  available  and  which  best 
practices  apply. 

Losing  Wait 

According  to  Meta  Group  Inc.,  data  is 
growing  at  a  rate  of  125%  per  year,  yet 
up  to  80%  of  this  data  remains  inactive 
in  production  systems,  where  it  crip¬ 
ples  performance.  “To  compound  this 
problem,  many  enterprises  are  in  the 
midst  of  compliance  initiatives  that  re¬ 
quire  the  retention  of  more  data  for 
longer  periods  of  time,  as  well  as  con¬ 
solidation  projects  that  result  in  signif¬ 
icant  data  growth,”  says  Charlie  Garry, 
senior  program  director  at  Stamford, 
Conn.-based  Meta  Group. 

A  laundry  list  of  regulations  makes 
any  archiving  endeavor  an  extremely 
complex  affair:  The  Sarbanes-Oxley 
Act,  SEC  Rule  17a,  the  Health  Insur¬ 
ance  Portability  and  Accountability 
Act  and  a  host  of  other  rules  have 
transformed  information  management 
into  a  minefield  of  potential  liability. 

The  legal  ramifications  of  not  having 
a  way  to  archive  information  from 
databases  can  be  grim.  But  there  are 
also  production  reasons  for  formulat¬ 
ing  and  activating  an  archiving  strate¬ 
gy  rapidly.  Apart  from  running  out  of 
disk  space  as  Kennametal  experienced, 
companies  report  problems  such  as 
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Database  Arch  ivi  ng  Advice 


Achieve  corporate  and  end-user  buy-in  early 
in  the  process. 


Archive  before  data  volume  creates  noticeable 
performance  problems  or  requires  unanticipated 
expenditures  for  storage  or  memory. 


Evaluate  the  potential  effect  of  your  archiving  project 
on  business  processes.  Adopt  a  business-process  and 
legal  view,  not  a  technology-focused  approach. 


Set  a  data  retention  policy  that’s  tailored  to  each 
country  you  do  business  in.  Integrate  these  policies 
into  one  archiving  system. 


6  Establish  service-level  agreements  with  the  user  com¬ 
munity  for  access  to  active  and  inactive  transactions. 


Enforce  data  retention  based  on  a  published 
central  retention  document. 


8  Retain  application  transparency  for  users,  regardless 
of  where  the  data  resides. 


9  Back  up  your  archive  database  after  you  archive. 


total  system  outages  when  the  database 
requires  too  much  processing,  backup 
failures  when  there’s  too  much  data  to 
back  up  in  the  available  window,  and 
transactions  timing  out  as  they  search 
through  millions  of  records. 

At  Southwest  Gas  Corp.  in  Las  Ve¬ 
gas,  inventory  tables  contained  5  mil¬ 
lion  rows  and  a  human  resources  table 
included  60  million  rows.  “The  more 
data  you  have  in  production,  the  slow¬ 
er  the  database  grows,”  says  Luca 
Cotrone,  a  systems  analyst  at  South¬ 
west  Gas.  “Users  complained  of 
queries  taking  a  long  time.” 

Cotrone  implemented  Applimation 
Archiver  from  Applimation  Inc.  in 
New  York  for  an  Oracle8i  database  that 
was  growing  at  a  rate  of  1GB  per 
month.  The  database  has  now  stabi¬ 
lized  at  about  100GB.  Archiving  of  one 
general-ledger  table,  for  example, 
saved  18GB.  Searches  are  down  from 
several  minutes  to  a  few  seconds. 

Unlike  Kennametal,  which  sets  poli¬ 
cies  for  archive  automation,  Southwest 
Gas  relies  on  manual  archiving.  Each 
month,  a  database  adminis¬ 
trator  spends  30  minutes  se¬ 
lecting  files  to  archive.  The 
decision  is  based  on  the  age 
of  the  files  in  the  inventory 
application  database.  For 
example,  those  that  are  old¬ 
er  than  30  months  could  be 
moved  from  the  production 
system  to  the  less  expensive  Applima¬ 
tion  data  store.  These  files  can  be  ac¬ 
cessed  by  the  user  transparently  from 
the  original  application. 

Tape  Not  the  Answer 

Running  a  bulging  database  is  rarely  a 
desirable  option,  and  in  most  cases 
neither  is  purging  onto  tape  —  once  a 
common  practice.  With  purging,  re¬ 
covery  must  be  performed  manually 
and  is  extremely  time-consuming. 
“Once  you  purge  Oracle,  users  no 
longer  have  access  to  the  data,”  says 
Lois  Hughes,  a  senior  business  systems 
analyst  at  Tektronix  Inc.,  a  test  mea¬ 


surement  and  monitoring  business  in 
Beaverton,  Ore.  “International  finance 
regulations  also  meant  that  legally, 
purging  would  have  to  be  paralleled 
by  archiving.” 

Since  the  company  operates  in  27 
countries,  decisions  about  what  to 
archive  in  its  120GB  database  were 

very  complex.  Take  the  case 
of  accounts  receivables,  just 
one  of  dozens  of  applica¬ 
tions  in  operation:  China 
requires  retention  of  data 
for  15  years;  Brazil,  10;  Italy, 
seven;  and  the  U.S.  only 
three.  On  top  of  language 
and  data-retention  issues, 
the  system  also  had  to  cope  with  dif¬ 
ferent  character  sets  for  Asia. 

Tektronix  archives  transactional 
data  every  three  months  using  Live- 
Archive  from  OuterBay  Technologies 
Inc.  in  Campbell,  Calif.  First,  informa¬ 
tion  is  recategorized  —  reduced  in  pri¬ 
ority  within  the  existing  Oracle  in¬ 
stance  —  then  it’s  moved  to  a  less  ex¬ 
pensive  infrastructure.  The  users, 
however,  are  able  to  access  all  data 
from  one  screen,  without  headaches. 

OuterBay  is  one  of  four  primary  con¬ 
tenders  eyeing  a  piece  of  the  $1  billion 
archiving  market-share  pie.  According 
to  Gartner  Inc.,  Princeton  Softech  Inc. 


in  Princeton,  N.J.,  leads  the  pack  with 
more  than  50%  of  the  market.  Along 
with  second-place  OuterBay,  it  ad¬ 
dresses  IBM,  Informix  Corp.,  Sybase 
Inc.,  Microsoft  Corp.  and  Oracle  data¬ 
bases.  Applimation  focuses  on  Oracle, 
while  Ixos  Software  deals  exclusively 
with  SAP  AG  and  Siebel  Systems  Inc. 

Archiver  Beware 

IT  managers  taking  on  archiving  proj¬ 
ects  face  their  fair  share  of  problems. 
Hughes  reports  several  bugs  in  Oracle 
purging  functions  that  had  to  be  ad¬ 
dressed,  while  Cotrone  ran  into  trou¬ 
ble  caused  by  differences  between  Or- 
acle8i  and  9i.  His  system  runs  on  Ora- 
cle8i,  but  the  archive  database  runs  9i 
in  a  Linux  server  instance  within  an 
IBM  mainframe.  Each  successive  evo¬ 
lution  of  Oracle  and  its  associated  ap¬ 
plications  appears  to  add  more  com¬ 
plexity  that  could  scuttle  a  project. 

For  example,  the  Oracle  Hi  E-Busi¬ 
ness  Suite  adds  200  new  modules  and 
17,500  tables  to  the  application  infra¬ 
structure.  The  same  holds  true  for  oth¬ 
er  database  vendors. 

“We  couldn’t  export  files  from  our 
8i  production  database  into  the  9i 
archive,  as  there  are  certain  tables  you 
can’t  send  across,”  says  Cotrone.  “For¬ 
tunately,  our  inventory  application 
doesn’t  have  these  tables,  so  we  were 
able  to  archive  it  while  we  complete  a 
migration  of  everything  else  to  9i.” 

Kennametal’s  Cuda  reports  that  he 
got  his  project  under  control  only 
when  he  moved  from  a  technology- 
focused  view  of  archiving  to  a  business 
process/legal  approach  and  after  he 
had  plotted  out  all  223  data  objects 
within  his  SAP  database.  This  showed 
him  the  dependencies  that  existed 
among  data  types  and  highlighted  ex¬ 
actly  how  to  retire  data  to  minimize 
risk.  For  example,  invoices  shouldn’t 
be  archived  until  the  corresponding 


shipping  and  delivery  documentation 
denotes  a  closed  transaction.  SAP, 
says  Cuda,  has  mechanisms  built 
in  that  prevent  retirement  of  open 
transactions. 

His  advice  for  any  archiving  project 
is  to  first  head  for  the  easy  pickings. 
“Financial  documents  are  striking  in 
that  they  have  no  dependencies,”  says 
Cuda.  “Attacking  such  low-hanging 
fruit  not  only  gives  you  significant  data 
recovery,  it  also  gives  your  team  a 
sense  of  victory  and  [it]  highlights  to 
management  and  users  that  archiving 
is  beneficial  to  the  system.” 

ILM  Revolution 

Not  surprisingly,  online  archiving  has 
become  a  major  element  in  vendor  in¬ 
formation  life-cycle  management 
strategies.  EMC  Corp.  in  Hopkinton, 
Mass.,  has  partnered  with  OuterBay  to 
integrate  LiveArchive  with  EMC’s 
ControlCenter  storage  management 
tools  as  part  of  its  ILM  suite  [Quick- 
Link  43165].  Other  vendors  are  follow¬ 
ing  suit,  and  the  trumpeting  about  ILM 
is  reaching  a  fever  pitch. 

“[ILM]  will  result  in  the  optimal 
management  of  information  through¬ 
out  its  life,  from  creation  and  use  to 
archiving  and  disposal,”  says  Mark 
Lewis,  executive  vice  president  for 
open  software  at  EMC.  “It  isn’t  just 
hype;  it’s  a  revolution.”  Behind  the  fan¬ 
fare,  EMC  talks  about  a  road  map  to 
achieving  true  ILM  functionality. 

“The  ILM  buzz  is  similar  to  that  sur¬ 
rounding  virtualization  18  months 
ago,”  says  Steve  Duplessie,  an  analyst 
at  Enterprise  Storage  Group  Inc.  in 
Milford,  Mass.  He  estimates  that  it  will 
be  at  least  another  18  months  before 
ILM  moves  beyond  the  hype  and 
shows  some  merit  in  the  real  world. 
Until  then,  it  might  be  best  to  evaluate 
archiving  tools  on  their  own  merits. 
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Bin  the  2002  movie 

Minority  Report ,  a 
passenger  on  a  sub¬ 
way  train  gets  con¬ 
stantly  updated  news 
on  a  flexible,  translucent,  portable  flat- 
panel  device  that  he  carries  with  him. 

Although  the  movie  takes  place  in 
the  year  2054,  this  vision  of  the  future 
of  news  delivery  may  be  closer  than 
we  think,  says  Rich  Gordon,  a  journal¬ 
ism  professor  at  Northwestern  Univer¬ 
sity’s  Medill  School  of  Journalism. 

“The  buzzword  for  the  future,  no 
matter  what  platform,  is  interactive 
multimedia,  which  both  represents 
user  control  as  well  as  the  multiple 
forms  of  media  incorporated  into  a 
single  format,”  Gordon  says. 

“I  think,  inevitably,  portable  devices 
are  going  to  have  a  very  different  for¬ 
mat  for  storytelling  than  [via]  the 
Web,”  he  adds. 

Small  devices  such  as  cell  phones 
and  PDAs  today  display  mostly  text. 
But,  Gordon  says,  “we’re  already  see¬ 
ing  a  number  of  the  portable  platforms 
developing  the  capability  to  take  video 
and  Flash  stories,  and  I  can  envision 
somebody  riding  the  subway  and  view¬ 
ing  a  video  or  animation-based  story 
on  their  PDA.”  Gordon  envisions  a 
handheld  device  that  will  display  a  fa¬ 
miliar-looking  replica  of  the  print  edi¬ 
tion  of  a  newspaper  or  magazine  but 
will  be  clickable  and  interactive  and 
incorporate  multimedia  and  video. 

“So  imagine  a  Sports  Illustrated, 
when  you’re  reading  it  on  your  Tablet 
PC,  and  you  click  on  the  still  photo  of  a 
close  play  at  the  plate,  and  you’ll  see 
the  video  of  the  close  play  . . .  and  see  it 
actually  unfold  in  front  of  you,”  he  says. 

Total  Immersion 

New  forms  of  IT  and  integrated  media 
systems  will  revolutionize  the  methods 
for  acquiring,  packaging,  organizing  and 
delivering  the  news  in  the  not-too- 
distant  future,  says  computer  science 
professor  Dennis  McLeod.  McLeod  is 
working  on  the  User-Directed  News 
project  at  the  Integrated  Media  Systems 
Center  in  the  University  of  Southern 
California’s  Annenberg  School  for 
Communication  in  Los  Angeles. 

The  UDN  project  is  exploring  cus¬ 
tomized,  interactive,  multimedia,  “im¬ 
mersive”  news  experiences  in  which 
people  will,  in  three  to  five  years,  ex¬ 
perience  news  events  and  stories 
rather  than  just  read  about  them, 
he  says. 

“Say  there’s  a  big  protest  march  by 
the  federal  building,”  McLeod  says, 

“and  it  happened  yesterday,  and  we 
have  a  story  package  that  basically  al¬ 


lows  the  user  to  go  in,  look  around  in 
different  directions  and  choose  what 
aspects  of  the  event  he  is  most  interest¬ 
ed  in  viewing.”  When  delivered  via  a 
head-mounted  display,  this  approach 
allows  users  to  get  a  sense  that  they  are 
actually  immersed  within  an  ongoing 
event,  and  it  puts  control  of  the  news 
in  the  hands  of  the  user,  McLeod  says. 

Immersive  news  integrates  audio, 
high-definition  video,  animation,  text 
and  haptic  technology  that  conveys  a 
sense  of  touch,  texture  and  tempera¬ 
ture  to  the  user,  McLeod  says. 


“The  haptic  data  technologies  en¬ 
gage  the  sense  of  touch  in  the  digital 
world  of  communication,”  he  says. 

“For  example,  a  user  wears  a  glove 
they  would  use  to  touch  virtual  ob¬ 
jects,  and  we  try  to  impart  the  feeling 
they  would  get  if  they  were  actually 
touching  the  objects.” 

McLeod  says  it  will  also  be  possible 
to  present  a  user  with  a  text-based  sto¬ 
ry  that’s  customized  to  fit  that  user’s 
stored  profile  —  such  as  where  he  lives 
or  what  his  interests  are  —  and/or  his 
specific  requests.  For  example,  a  user 


might  request  a  story  on  a  slam-dunk 
play  by  basketball  great  Michael  Jor¬ 
dan.  After  receiving  the  request,  the 
system  would  go  to  the  knowledge 
base  that  describes  the  domain  —  in 
this  case,  sports  —  bring  up  a  generic 
story  template  about  slam-dunk  plays 
and  then  fill  it  in  with  information 
about  slam-dunk  plays  by  Jordan. 

Readers  Call  the  Shots 

“What  will  journalism  look  like  in 
three  to  Five  years?”  asks  Paul  Grabow- 
icz,  New  Media  Center  director  at  the 
University  of  California,  Berkeley.  “A 
combination  of  audio  and  video  and 
pictures  and  animation  and  graphics 
and  text  put  together  in  a  way  so  peo¬ 
ple  can  explore  a  story,  where  you  try 
to  match  up  the  type  of  media  with  the 
best  way  of  telling  that  story.” 

Grabowicz  says  users  will  enter  a 
story  through  various  entry  points,  de¬ 
pending  on  their  interests.  For  in¬ 
stance,  one  reader  might  want  to  focus 
on  the  person  a  story  is  written  about, 
while  another  might  want  to  read 
about  the  dateline  of  that  story. 

“The  packaging  of  a  story  would  cer¬ 
tainly  have  all  the  elements  of  multi- 
media,”  agrees  Nora  Paul,  director  of 
the  University  of  Minnesota’s  Institute 
for  New  Media  Studies.  “Some  stories 
are  better  understood  if  there  are  some 
good  visuals  to  them,  or  if  people  want 
to  follow  a  story  more  closely,  they  can 
connect  to  different  types  of  supple¬ 
mental  material.” 

Paul  predicts  that  “animated  info¬ 
graphics”  will  describe  a  series  of 
events  —  such  as  last  year’s  space 
shuttle  accident  —  that’s  difficult  to 
understand  in  a  linear  text  presenta¬ 
tion.  “With  the  animated  infographics, 
you  could  see  how  the  space  shuttle 
spun,  how  it  was  supposed  to  right  it¬ 
self  and  how  it  started  encountering 
problems,”  she  says.  “And  you  [could] 
experience  it  at  your  own  rate,  over 
and  over  again.” 

Paul  says  that  although  this  technol¬ 
ogy  is  currently  available,  the  news 
media  aren’t  yet  using  it  to  any  great 
extent.  “Online  news  has  not  really 
evolved  much  beyond  slapping  the 
legacy  news  story  onto  the  computer 
screen,”  she  says.  “They’re  trying  to 
push  [online  journalism]  more  into  the 
traditional  legacy  media  production¬ 
line  model  rather  than  the  handcraft¬ 
ing  that’s  required  for  really  unique 
content.”  O  44939 


MORE  ONLINE 

For  resources  related  to  the  future  of  news  delivery,  go  online: 

QuickLink  45145 
www.computerworld.com 
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This  Is  Your 
Attacker  Calling 


Protecting  networks  from  hackers  is  easy 
compared  with  guarding  against  social¬ 
engineering  attacks.  By  Vince  Tuesday 


IT'S  a  network  that  con¬ 
nects  over  98%  of  the  pop¬ 
ulation.  It  extends  to  every 
country  on  the  planet  and 
occasionally  even  into  outer 
space.  No,  it’s  not  the  Internet. 
It’s  the  telephone  network. 

The  phone  system  is  a  vital 
part  of  my  company’s  informa¬ 
tion  infrastructure,  but  it  also 
offers  a  nearly  perfect  venue 

for  attack.  - 

It’s  possible  to 
spoof  your  Internet 
address,  but  not  if  you 
want  packets  to  make 
their  way  back  to  you. 

In  that  case,  you  have 
to  include  your  real 
address,  and  that  means  every¬ 
one  between  you  and  your  tar¬ 
get  —  and  the  target  itself  — 
can  get  your  address. 

On  the  computer  network, 
our  intrusion-detection  sys¬ 
tems  can  shift  through  giga¬ 
bytes  of  data  every  second, 
plucking  out  malicious  behav¬ 
ior.  With  attacks  by  telephone, 
we  don’t  have  any  easy  way  to 
trace  the  origin  of  malicious 
callers  without  involving  the 
legal  system,  and  we  must  rely 
on  our  staff  to  spot  and  report 
incidents. 

E-mail  and  Web-based  at¬ 
tacks  can  be  automated  and 
launched  against  thousands  of 
targets.  But  the  phone  is  the 
weapon  of  choice  if  you  have 
just  one  target  in  mind. 

Buffer  overflows  and  pass- 
word-guessing  don’t  work 
over  the  phone,  so  a  more 
devious  type  of  attack  is  re¬ 
quired  —  one  that  involves 
so-called  social  engineering. 
In  a  social-engineering  ploy, 
the  attacker  tries  to  trick 
someone  into  doing  some¬ 
thing  he  wouldn’t  normally  do. 
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It  might  take  the  form  of  an 
appeal  from  an  authority  fig¬ 
ure.  Someone  could  call  and 
say  he  needs  confidential  infor¬ 
mation  for  a  senior  board  mem¬ 
ber.  Everyone  wants  to  look 
good  in  front  of  the  bosses,  so 
a  staffer  might  provide  the  re¬ 
quested  information  without 
giving  it  a  second  thought. 

Advertising  is  a  good  train- 
-  ing  ground  for  pick¬ 
ing  up  approaches 
to  social  engineer¬ 
ing.  We  get  many 
callers  who  try  to 
use  peer  pressure, 
dropping  the  names 
of  colleagues  who 
have  supposedly  performed 
a  certain  action  already.  If 
everyone  else  is  doing  it,  how 
bad  can  it  be? 

A  Cry  for  Help 

Some  attackers  play  upon  the 
sympathies  of  their  victims. 

One  scammer  who  targeted 
us  claimed  that  she  lost  her 
laptop  and  needed  confiden¬ 
tial  company  information  for  a 
presentation  she  was  giving  in 
a  few  hours.  Who  couldn’t 
help  but  feel  sorry  for  some¬ 
one  caught  in  such  a  situation? 
But  would  you  feel  enough 
sympathy  to  send  spreadsheets 
and  organizational  charts  to 


Sometimes 
you  have  to  take 
a  lesson  from  the 
attackers’  playbook 
to  protect  yourself. 


her  Yahoo  e-mail  address? 

Some  tactics  are  just  plain 
weird.  We’ve  had  many  calls 
from  people  who  pretend  to 
work  for  an  IT  integration  com¬ 
pany.  The  company  doesn’t  ex¬ 
ist,  but  people  claiming  to  be  its 
representatives  regularly  con¬ 
tact  our  staff  to  say  that  they’ll 
be  in  next  week  to  install  cord¬ 
less  mice.  The  one  thing  they 
need  before  they  can  do  that, 
however,  is  the  part  number  of 
the  employee’s  mouse.  “Please 
turn  it  over  and  read  out  the 
part  number  so  we  can  check 
that  you  are  on  the  list  for  the 
upgrade,”  the  callers  request. 

Luckily,  our  employees  are 
a  pretty  suspicious  lot,  and 
despite  the  customer  service 
training  they’ve  received,  not 
one  has  revealed  this  informa¬ 
tion.  All  have  hung  up  on  the 
attackers  or  referred  the  call 
to  the  IT  help  desk. 

Many  of  our  lines  are  re¬ 
corded  for  regulatory  purpos¬ 
es,  so  I’ve  had  the  chance  to 
listen  to  a  lot  of  calls  asking  for 
mouse  serial  numbers.  I  can 
normally  construct  some  sce¬ 
nario  that  makes  sense  out  of 
social-engineering  calls,  but  in 
this  case,  I  don’t  have  the  faint¬ 
est  idea  why  this  information 
might  be  useful.  Perhaps  it  re¬ 
veals  the  hardware  we’re  us¬ 
ing.  But  if  that’s  the  objective, 
wouldn’t  it  be  easier  to  phone 
up  and  say,  “Is  your  Dell  work¬ 
ing  today?”  I’m  almost  sorry 
that  our  employees  cut  the 
calls  short  before  they  can  get 
to  the  next  question.  Perhaps 
the  mouse  information  is  just 
an  icebreaker  and  the  scam¬ 
mers  plan  to  ask  for  more  sen¬ 
sitive  information  next. 

We’ve  even  considered  set¬ 
ting  up  a  special  number  to 
which  staffers  could  forward 
such  calls.  “Oh,  I’ve  got  to  run 
to  a  meeting;  let  me  forward 
you  to  my  assistant  who  can 
help,”  staffers  would  say.  Then 


my  trained  staff  could  take  the 
call  and  pretend  to  be  helpful 
while  trying  to  extract  infor¬ 
mation  about  tactics  and  mo¬ 
tives.  It  almost  doesn’t  seem 
fair  to  use  social  engineering 
ourselves,  but  sometimes  you 
have  to  take  a  lesson  from  the 
attackers’  playbook  to  protect 
yourself. 

Mydoom  Revisited 

On  another  note,  we’re  still 
working  on  resolving  prob¬ 
lems  created  by  the  Mydoom 
virus.  That  virus  didn’t  get 
into  our  systems,  but  tens  of 
thousands  of  infected  e-mails 
attempted  to  do  so.  Our  sys¬ 
tem  stopped  them  all,  only  to 
bombard  the  intended  recipi¬ 
ents  with  alerts  for  each  one 
[QuickLink  44521], 

We  provide  monthly  statis¬ 
tics  to  our  parent  company 
about  the  number  of  viruses 
we  stop  at  our  perimeter,  and 
last  month  we  broke  the  rec¬ 
ord.  Our  contacts  at  headquar¬ 
ters  were  both  impressed  and 
a  little  shocked.  They  couldn’t 
imagine  what  had  caused  the 
spike  in  attempts.  I  sent  them 
an  e-mail  explaining  that  it 
was  due  to  Mydoom  and  pro¬ 
vided  a  few  Web  links  with  in¬ 
formation  about  the  virus. 

I  was  certainly  surprised 
that  someone  working  in  secu¬ 
rity  at  headquarters  could 
have  missed  all  the  fuss  sur¬ 
rounding  that  outbreak,  but 
the  reply  to  my  e-mail  was 
even  more  surprising.  It  said 
that  the  staffers  at  headquar¬ 
ters  had  found  the  links  very 
useful.  They  learned  a  lot. 
They  even  learned  that  some 
messages  they  hadn’t  opened 
were  copies  of  the  virus.  It 
looks  like  my  monthly  report 
saved  headquarters  from  a 
Mydoom  infection.  I’ve  passed 
on  a  recommendation  that  se¬ 
curity  awareness  be  improved, 
starting  with  the  security 
group  there.  I 


WHAT  DO  YOU  THINK? 

This  week’s  journal  is  written  by  a  real 
security  manager,  “Vince  Tuesday,”  whose 
name  and  employer  have  been  disguised 
for  obvious  reasons.  Contact  him  at  vince. 
tuesday@hushmail.com,  or  join  the  dis¬ 
cussion  in  our  forum:  QuickLink  a1590 

To  find  a  complete  archive  of  our 
Security  Manager's  Journals,  go  online  to 

0  computerararld.com/secjournal 
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Security  Bookshelf 

Biometrics  and  Network 
Security,  by  Paul  Reid; 

Prentice  Halt  PTR,  2004. 

The  ability  to 
measure  a  unique 
biological  charac¬ 
teristic  of  an  indi¬ 
vidual  and  convert 
that  information 
into  electronic 
data  that  can  be 
used  to  identify  him 
is  a  powerful  thing. 

The  technology  to  do  this  is 
just  now  on  the  verge  of  matu¬ 
rity,  says  Paul  Reid,  and  his 
book  makes  a  compelling  case 
that  it's  time  to  take  biometrics 
into  the  corporate  mainstream. 

In  contrast  to  other  books 
I’ve  seen  on  this  topic,  Biomet¬ 
rics  and  Network  Security 
gives  detailed  examples  of  how 
not  to  do  biometrics.  Reid  also 
summarizes  finger,  face,  voice 
and  iris  biometrics  and  com¬ 
pares  them  to  help  readers 
identify  the  best  option.  This  is 
a  practical  guide,  not  a  book 
that  gets  bogged  down  in  theo¬ 
ry.  I’d  recommend  it  to  anyone 
who’s  been  asked  to  under¬ 
take  a  biometrics  pilot  project. 

-  Vince  Tuesday 


WLAN  Security 
Software  Updated 

Vernier  Networks  Inc.  in  Moun¬ 
tain  View,  Calif.,  has  released 
Vernier  Networks  Systems  4. 
The  software  for  managing 
wireless  LAN  security  runs  on 
the  vendor’s 6500  series  line 
of  WLAN  security  appliances. 
Features  include  a  centralized 
management  console;  new 
monitoring,  reporting  and  user 
rights  management  capabili¬ 
ties;  and  the  ability  to  scale  to 
10,000  users  per  domain. 

Hexamail  on  Guard 

Hexamail  Ltd.  has  released  a 
version  of  its  antispam  soft¬ 
ware  that  runs  on  Microsoft  Ex¬ 
change  2000  and  2003  e-mail 
servers.  Hexamail  Guard  for 
Exchange  filters  spam,  virus¬ 
es,  Trojans  and  e-mail  scams, 
according  to  the  Cambridge, 
England-based  vendor. 
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i  want  to  Stop  focusing  on  what's  attacking  my  servers 


and  Start  focusing  on  attacking  new  markets 


Start  expanding  securely  with  Intrusion  Prevention  Solutions  from  McAfee  Security.  -  /,'M 

By  combining  System  Protection  and  Network  Protection  Solutions,  the  McAfee"  Security  Protection-m-Depth  '  strategy  secures  your* 
business  from  the  desktop,  to  the  network,  to  the  server— the  mission-critical  heart  of  your  IT  infrastructure.  Add  our  Intrusion  Prevention; 
technologies  and  you  can  start  preventing  known  and  unknown  threats  rather  than  merely  detecting  them.  Which  means  you  can, think  a 
little  less  about  security,  and  more  about  securing  new  markets.  Start  today  at  start.mcafeesecurity.com  > 
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Because  security  is  not  just  about  what  you  can  stop, 


McAfee  &hd  Rrptec  uh  are  registered  trademarks  dr  trademarks  of  Network  Associates  Inc  an  a/or  its  affiliates  m  the  US  and/or  other  countries 

:  tff  teg  •  te'ed  trademarks  hete/n  are  the  so  e  property  of  the  r  respective  owners.  r9  2304  r-.etwoi.k.  Technology.  Inc.  All  Rights  Reserved, 
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BMC  Updates 
Mainview  Line 

BMC  Software  Inc.  last  month 
announced  several  revisions  to  its 
Mainview  product  family  for 
mainframe  management.  Main- 
view  for  IP  Version  2.2  provides 
Internet  Protocol  pacing  technol¬ 
ogy,  which  is  designed  to  ensure 
that  mission-critical  Internet  ap¬ 
plications  receive  priority  access 
to  IP  bandwidth,  according  to 
Houston-based  BMC.  Pricing 
starts  at  $33,000. 


Tool  Aids  Exchange 
Administration 

Aelita  Software  Corp.  has  re¬ 
leased  Aelita  Collaboration  Ser¬ 
vices  for  Exchange.  These  new 
tools  are  designed  to  make  it  eas¬ 
ier  for  Exchange  administrators 
to  set  up  secure  synchronization 
of  global  address  lists  in  compa¬ 
nies  that  use  multiple,  separate 
Exchange  deployments,  accord¬ 
ing  to  Dublin,  Ohio-based  Aelita. 
Pricing  starts  at  $5  per  user. 


Unimax  Rolls  Out 
Support  for  Cisco 

Unimax  Systems  Corp.  in  Min¬ 
neapolis  announced  last  week 
that  its  2nd  Nature  software  for 
Cisco’s  Call  Manager  IP-PBX  and 
Unity  voice-mail  systems  will  be 
released  this  month.  The  2nd  Na¬ 
ture  unified  system  management 
interface  concurrently  supports 
new  IP  telephony  systems  such 
as  Cisco’s  products,  as  well  as 
legacy  PBX  and  messaging  sys¬ 
tems.  Pricing  wasn’t  available. 


VMware  Upgrades 
GSX  Virtual  Server 

VMware  Inc.  in  Palo  Alto,  Calif., 
has  released  an  upgrade  of  its 
GSX  Server  3  virtual  server  soft¬ 
ware  that  allows  3.6GB  of  memo¬ 
ry  per  virtual  machine  to  support 
larger  applications.  It  also  adds 
teamed  network  adapter  support, 
and  improved  CPU,  disk  and  net¬ 
working  performance,  VMware 
said.  Pricing  starts  at  $2,500. 


NICHOLAS  PETRELEY 


Why  Free  Beer 
Trumps  Free  Speech 


THE  SPIRIT  OF  OPEN-SOURCE  might  once 
have  been  summed  up  as  “share  and  share 
alike.”  This  philosophy  has  its  roots  in 
the  GNU  General  Public  License  (GPL), 
which  is  the  license  for  the  Linux  kernel 
(the  operating  system  engine)  and  most  of  the  core 
operating  system  utilities  that  come  with  Linux. 

The  GPL  is  basically  a  reciprocal  agreement.  If  you 
improve  or  add  to  a  GPL  program,  or  if  you  build  an 
application  that  includes  software  licensed  under  the 
GPL,  then  you  must  make  the  source  code  for  your  ap¬ 
plication  available,  too.  Share  and  share  alike.  That’s 
not  to  say  you  can’t  sell  GPL  software;  you  can.  Put 
simply,  the  Free  Software  Foundation  promotes  the 


concept  of  software  that  is 
free  as  in  “free  speech,” 
not  necessarily  free  as  in 
“free  beer.”  Free  means 
open  and  unrestricted  by 
pre-existing  proprietary 
claims;  it  doesn’t  mean 
without  cost. 

According  to  the  most 
recent  Evans  Data  Corp. 
survey  of  Linux  developers, 
however,  people  are  more 
interested  in  free  beer  than 
they  are  in  free  speech. 

Given  human  nature,  that 
shouldn’t  be  surprising,  but 
it  runs  contrary  to  the  original  philos¬ 
ophy  of  open-source  software. 

For  example,  the  developers  sur¬ 
veyed  have  a  clear  preference  for  soft¬ 
ware  built  with  the  Qt  tool  kit  over  the 
competing  tool  kit,  GTK. 

They  clearly  see  the  superiority  of 
software  built  with  Qt  over  software 
built  with  GTK.  But  when  asked  which 
tool  kit  they  use  to  build  their  own 
software,  the  majority  chose  GTK. 
While  there  are  alternate  explanations 
for  some  of  this  seeming  contradic¬ 
tion,  other  data  in  the  survey  suggests 


this  is  all  about  money  and 
licenses. 

Here’s  the  crux  of  the 
matter:  It’s  illegal  to  create 
and  sell  a  proprietary  ap¬ 
plication  based  on  GPL 
code.  Given  the  reality 
that  people  are  always  go¬ 
ing  to  create  proprietary 
applications,  developers 
invented  some  license 
compromises  that  make  it 
possible  to  build  propri¬ 
etary  applications  on 
open-source  foundations. 
These  compromises  usual¬ 
ly  fall  into  one  of  two  categories  I  call 
“quid  pro  quo”  licenses  and  “free 
beer”  licenses. 

Quid  pro  quo  licenses  are  condition¬ 
al  licenses,  often  called  dual  licenses. 
These  licenses  have  GPL-like  condi¬ 
tions  for  those  who  want  to  write  free, 
open-source  software,  but  they  require 
developers  to  pay  a  license  fee  to  cre¬ 
ate  for-profit  proprietary  applications. 
Qt  has  such  a  dual  license.  Those  who 
use  Qt  to  build  proprietary,  for-profit 
applications  have  to  buy  developer  li¬ 
censes  from  Trolltech,  the  inventors  of 
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Qt.  But  the  people  who  used  Qt  to 
build  KDE,  KDevelop  and  all  the  other 
top-rated  software  didn’t  have  to  pay 
to  use  Qt,  because  KDE,  KDevelop  and 
so  on  are  all  open-source  and  free. 

Free-beer  licenses  make  it  possible 
to  incorporate  open-source  code  into  a 
proprietary  for-profit  application 
without  any  financial  obligation. 

The  widget  tool  kit  GTK  is  available 
under  the  Lesser  GPL,  meaning  you  use 
GTK  to  build  open-source  or  propri¬ 
etary  applications  with  no  obligation 
to  publish  your  source  code  or  finan¬ 
cially  compensate  the  authors  of  GTK. 

Quid  pro  quo  licenses  are  ethically 
consistent.  Open-source  developers 
can  use  the  software  for  free,  but  they 
must  contribute  their  work  back  into 
the  open-source  pool  of  software. 

Share  and  share  alike  the  source  code. 
Other  developers  can  use  the  software 
for  profit,  but  they  must  financially 
compensate  the  company  whose  hard 
work  they’re  leveraging  for  profit. 
Share  and  share  alike  the  profits. 

Free-beer  licenses,  on  the  other 
hand,  are  ethically  inconsistent.  They 
enable  companies  to  exploit  the  hard 
work  of  others  for  profit  without  giv¬ 
ing  anything  back  in  the  way  of  source 
code  or  money.  At  most,  some  of  these 
licenses  require  developers  to  include 
a  copyright  or  otherwise  credit  the 
original  authors. 

So  why  would  anyone  work  on  free- 
beer  software  if  it  amounts  to  volun¬ 
teering  to  be  exploited?  No  doubt  the 
developers  of  free-beer  software  like 
GTK  get  some  gratification  from 
knowing  their  work  is  the  most  fre¬ 
quently  chosen,  even  if  the  choice  has 
little  or  nothing  to  do  with  the  quality 
of  their  work.  And  nobody  is  com¬ 
pelling  them  to  contribute  free-beer 
software.  That’s  yet  another  aspect  of 
free:  free  will.  ©  45159 
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Double  your 

#The  best  way  to  stay  ahead  is  to  double 
your  productivity.  Introducing  Scan2 
SCan  technology  from  Sharp.  Sharp's  Digital 
Imagers  with  Scan2  technology  are  designed  to  scan  two- 
sided  documents  in  a  single  pass. 

Now  your  training  manuals  and  white  papers  can  be 
scanned,  copied,  emailed  and  digitally  distributed  quicker 
than  ever  before. 


productivity  with  Scan2 

In  fact,  it's  115%  faster  than  any  other  product  in  its 
class.  Not  only  is  it  like  having  double  the  help,  it  will  also 
allow  you  to  accomplish  more  tasks,  in  dramatically  less 
time.  Together  with  Sharp's  integrated  network 
management  software  and  security  features,  your  digital 
information  is  safe  and  workflow  is  fully  optimized. 

Visit  sharpusa.com/scan2  or  call  1-800-BE-SHARP  for 
more  information. 


technology. 

The  AR-M550,  AR-M620  and  AR-M700: 

•  Operate  at  55,  62  and  70  pages-per-minute 

•  Fully  integrated  network  ready  digital  copier/printers 

•  Include  network  management  software  and  document  filing  capability 

.  be  sharp 


*  Results  of  Buyers  Laboratory  Inc.  Document  Feeding  Speed  tests  (originals  per  minute)  in  2:2  mode  for  Sharp  AR-M550  vs.  the  following  manufacturers'  competitive  models:  Canon  iR  5000  and  5020,  HP  9055  MFP,  Konica  7155,  Kyocera  Mita  KM-5530,  Ricoh  Aficio  1055  and  551,  and  Toshiba 

e-STUDlO  550.  ©2003  Sharp  Corporation 
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CIOs  are  faced  with 
a  confusing  array  of 
quality  frameworks. 

Here’s  a  guide  to 
their  strengths  and 
weaknesses. 

By  Gary  H.  Anthes 


SHOCKED  AND  AWED 
by  the  industrial 
might  of  Japan  in  the 
1980s,  U.S.  companies 
got  religion  —  the 
quality  religion. 

They  rushed  to  im¬ 
prove  their  business 
processes  by  adopting  a  host  of  quality 
frameworks,  like  ISO  9000  for  the  en¬ 
terprise,  Six  Sigma  for  the  plant  and 
the  Capability  Maturity  Model  (CMM) 
for  software  engineering. 

Today,  IT  managers  have  a  bewilder¬ 
ing  array  of  quality  disciplines  to 
choose  from.  Some,  such  as  Six  Sigma, 
ISO  9000  and  the  Malcolm  Baldrige 
program,  may  be  dictated  to  you  by 
your  CEO.  Others,  such  as  Control  Ob¬ 
jectives  for  Information  and  Related 
Technology  (CobiT),  may  be  imposed 
by  your  auditors.  And  IT-focused  disci¬ 
plines  may  originate  in  your  own  shop, 
such  as  CMM  for  software  develop¬ 
ment  and  the  Information  Technology 
Infrastructure  Library  (ITIL)  for  IT 
operations  and  services. 

While  there  is  some  overlap  among 
these  quality  frameworks,  in  most  cas¬ 
es,  they  don’t  conflict.  Indeed,  most 
large  companies  use  two  or  three  of 
them.  For  example,  IBM  uses  ISO 
9000,  CMM,  ITIL,  Six  Sigma  and  sev- 


Q&A 

Stay  Just  a  Little  Bit  Longer 

Creative  and  flexible  work  policies  for 
baby  boomers  nearing  retirement  age 
could  head  off  an  impending  IT  skills 
shortage,  say  the  authors  of  a  Harvard 
Business  Review  article.  This  pool  of  work¬ 
ers  is  ready  to  help  Fill  the  gaps.  Page  46 


Career  Watch 

Robet  Half  Technology’s  spring 
hiring  outlook  indicates  that 
Windows  administration  is  in 
great  demand.  And,  a  BankOne 
IT  executive  describes  the 
types  of  applicants  he’s 
been  hiring.  Page  48 


OPINION 

The  Peanut  Butter  Syndrome 

Bart  Perkins  says  that  if  you  squeeze  the  central  IT  budget  too  hard, 
you’ll  force  the  pent-up  IT  demand  to  spill  over  into  the  budgets  of  the 
business  units.  Page  50 
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TCO:  total  cost  ot  ownership 
ITIL:  IT  Infrastructure  Library 
CMM:  Capability  Maturity  Model 

CobiT:  Control  Objectives  for  In¬ 
formation  and  Related  Technology 
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eral  homegrown  quality  programs. 

Meanwhile,  other  equally  sophisti¬ 
cated  companies  don’t  use  any  of 
them,  preferring  to  roll  their  own.  For 
instance,  MasterCard  International 
Inc.  has  adapted  parts  of  a  number  of 
programs  to  its  own  way  of  doing  busi¬ 
ness.  It  underwent  an  external  assess¬ 
ment  for  CMM  a  year  ago  and  imple¬ 
mented  some  ideas  from  that,  but  it 
hasn’t  adopted  the  framework  formally. 

“We  have  a  hybrid  of  quality  pro¬ 
grams,”  says  Sheryl  Andrasko,  vice 
president  for  systems  development  at 
MasterCard.  The  program  has  reduced 
the  development  time  for  new  soft¬ 
ware  releases  from  18  months  to  12  and 
has  reduced  the  number  of  software 
defects  as  well,  she  says. 

Other  companies,  such  as  Nortel 
Networks  Ltd.,  say  the  choice  should 
be  driven  by  customers  and  partners. 
Nortel  uses  a  telecommunications- 
oriented  version  of  ISO  9000  because 
that’s  what  its  customers  use. 

For  some  companies,  an  outside 
body’s  stamp  of  approval,  such  as  an 
ISO  9000  or  CMM  certification,  or  the 
cachet  that  comes  from  a  Baldrige 
award,  may  be  an  important  factor.  For 
example,  a  defense  contractor  may  not 
be  able  to  get  work  without  a  high 
CMM  assessment.  And  an  ISO  9000 
badge  may  be  a  requirement  for  doing 
business,  especially  outside  the  U.S. 

But  a  company  can  overspend  on  any 
of  these  programs,  says  Matt  Light,  an 
analyst  at  Gartner  Inc.  “We  have  a  phi¬ 
losophy  called  ‘just  enough  process,’  ” 
he  says.  “So  to  roll  your  own  and  apply 
it  just  where  it  makes  sense  is  often  the 
best  choice  for  organizations  that  don’t 
have  certification  requirements.” 

Nevertheless,  you  should  do  some¬ 
thing  on  the  quality  front,  urges  Michael 


J.  Ashworth,  CIO  of  the  investment 
banking  unit  at  J.P.  Morgan  Chase  & 
Co.  “All  of  these  things  are  just  better 
ways  of  doing  the  things  that  people 
are  trying  to  do  on  an  ad  hoc  basis,”  he 
says.  “They  are  not  mumbo  jumbo; 
they  are  codified  common  sense.” 


Capability  Maturity  Model 
Integration  (CM Ml) 


SPONSOR:  Software 
Engineering  Institute, 
Carnegie  Mellon 
University 


WHAT  IT  IS:  The 
CMMI  extends  and 
combines  the  Capability 
Maturity  Model  for  Software  (SW-CMM), 
the  Systems  Engineering  Capability  Mod¬ 
el  and  the  Integrated  Product  Develop¬ 
ment  Capability  Maturity  Model.  SW- 
CMM  is  a  collection  of  best  practices  for 
software  development  and  maintenance. 
It  allows  companies  to  assess  their  prac¬ 
tices  and  compare  them  to  those  of  other 
companies.  The  SW-CMM  measures 
process  maturity,  which  progresses 
through  five  levels:  Level  1  (initial),  2 
(managed),  3  (defined),  4  (predictable) 
and  5  (optimizing). 

STRENGTHS:  Very  detailed.  Geared 
specifically  to  software  development  or¬ 
ganizations.  Focuses  on  continuous  im¬ 
provement,  not  just  on  maintaining  a  certi¬ 
fication.  Can  be  used  for  self-assessment. 

LIMITATIONS:  Doesn’t  address  IT  opera¬ 
tions  issues,  such  as  security,  change  and 
configuration  management,  capacity 
planning,  troubleshooting  and  help  desk 


functions.  Sets  goals,  but  doesn’t  say 
how  to  meet  them.  (For  example,  CMMI 
says  to  do  requirements  analysis  but 
doesn’t  say  howto  do  requirements 
analysis.) 

For  15  years,  companies  that  wanted 
to  significantly  improve  their  software 
development  practices  —  and  earn  a 
merit  badge  for  all  the  world  to  see  — 
embarked  on  a  long,  hard  road  called 
CMM  for  Software,  a  road  map  that 
can  lead  companies  from  a  state  of 
semichaos,  where  most  are  today,  to 
one  marked  by  the  precision,  repeata¬ 
bility  and  low  error  rates  normally  as¬ 
sociated  with  a  manufacturing  assem¬ 
bly  line. 

CMMI,  recently  unveiled  by  the 
Software  Engineering  Institute,  is  a 
more  comprehensive  process-maturity 
framework  that  combines  SW- 
CMM  with  broader  disci¬ 
plines  in  systems  engineering 
and  product  development. 

The  institute  says  it  will  even¬ 
tually  stop  supporting  SW- 
CMM  in  favor  of  CMMI. 

The  IT  shop  at  J.P.  Morgan 
Chase  uses  SW-CMM,  while 
the  company  overall  works 
under  Six  Sigma.  “We’ve  got 
our  development  teams  up  to 
CMM  Level  2  and  are  pushing  toward 
Level  3  in  some  cases,”  Ashworth  says. 

Ashworth  says  the  move  from  Level  1 
to  Level  2  brought  with  it  more  reliable 
planning,  so  application  features  are 
more  likely  to  be  right  the  first  time, 
reducing  costly  rework.  The  invest¬ 
ment  bank  has  seen  the  following  addi¬ 
tional  benefits,  he  says: 

■  A  20%  to  25%  reduction  in  post¬ 
implementation  defects. 

■  Reduced  efforts  to  support  opera¬ 
tional  systems  because  they  are  more 
reliable.  “Emergency”  releases  to  fix 
bugs  have  fallen  by  60%. 

■  Better  management  of  globally  dis¬ 
tributed  projects  because  terminology 
and  specifications  are  standardized. 

■  Better  performance  from  suppliers 
because  requirements  are  better  speci¬ 
fied. 

Nevertheless,  Ashworth  cautions 
against  “analysis  paralysis”  when  it 
comes  to  evaluating  the  results  of 
CMM.  “We  found  it  not  useful  to 
spend  too  much  time  trying  to  mea¬ 
sure  things,  rather  than  just  doing  it,” 
he  says. 

Motorola  Inc.  has  software  develop¬ 
ment  units  at  all  five  SW-CMM  levels, 
but  most  are  at  Levels  3  or  4,  according 
to  Anthony  Carter,  director  of  the  Digi¬ 
tal  Six  Sigma  program  at  Schaumburg, 
Ill.-based  Motorola.  He  says  that  as 


groups  reach  Level  5,  they’ll  migrate  to 
CMMI.  The  product  development 
framework  in  CMMI  makes  it  an  at¬ 
tractive  choice  for  a  company  that 
makes  products  such  as  cell  phones 
that  contain  software,  he  says. 

The  IT  organization  at  Capital  One 
Financial  Corp.  in  McLean,  Va.,  is  at 
Level  1  and  plans  to  reach  Level  2  by 
the  end  of  this  year  and  Level  3  by  the 
end  of  2005,  says  Ray  Frigo,  vice  presi¬ 
dent  of  IT  management  services.  But 
unlike,  say,  a  defense  contractor  that 
wants  to  become  certified  at  a  high 
CMM  level  in  order  to  sell  to  the  Pen¬ 
tagon,  Capital  One  doesn’t  feel  com¬ 
pelled  to  follow  CMM  disciplines  to 
the  letter. 

“We  developed  a  process  framework 
to  provide  repeatable,  consistent  deliv¬ 
ery,”  Frigo  says.  “We  are  picking  and 
choosing  elements  of  CMM 
and  using  CMM  scoring  to 
assess  where  we  need  to  de¬ 
velop  processes.” 

Moving  from  one  maturity 
level  to  the  next  can  entail 
two  years  or  more  of  hard 
work,  and  in  some  cases,  it’s 
not  worth  the  effort,  users 
say.  For  example,  Allstate  In¬ 
surance  Co.  wants  to  move 
from  Level  1  to  Level  3  and 
stop  there.  “We  really  don’t  see  the 
need  to  go  to  Level  4  or  5,”  says  Robin 
Richmond,  an  assistant  vice  president 
at  Allstate  Protection  Technology.  “We 
can  see  payback  from  getting  to  Level  2 
and  3.  We  are  hoping  for  speed  to  mar¬ 
ket,  efficiencies  and  improved  quality.” 

And  Richmond  says  she  won’t  mi¬ 
grate  to  CMMI  anytime  soon.  “It’s  very 
difficult  to  find  people  with  experi¬ 
ence  in  it  as  assessors  or  as  imple- 
menters,”  she  says. 


Control  Objectives  for 
Information  and  Related 
Technology  (CobiT) 


SPONSOR:  Information 
Systems  Audit  and 
Control  Association 
and  the  IT  Gover¬ 
nance  Institute 


WHAT  IT  IS:  An  audit- 
oriented  set  of  guidelines  for 
IT  processes,  practices  and  controls. 
Geared  to  risk  reduction,  focusing  on 
integrity,  reliability  and  security.  Addresses 
four  domains:  planning  and  organization, 
acquisition  and  implementation,  delivery 
and  support,  and  monitoring.  Has  six  ma¬ 
turity  levels,  similar  to  CMM’s. 
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STRENGTHS:  Good  checklists  for  IT.  En¬ 
ables  IT  to  address  risks  not  explicitly  ad¬ 
dressed  by  other  frameworks  and  to  pass 
audits.  Can  work  well  with  other  quality 
frameworks,  especially  ITIL. 


LIMITATIONS:  Says  what  to  do  but  not 
how  to  do  it.  Doesn't  deal  directly  with 
software  development  or  IT  services. 
Doesn't  provide  road  map  for  continuous 
process  improvement. 

Lance  Turcato,  managing  director 
for  technology  infrastructure  and  se¬ 
curity  oversight  at  Charles  Schwab  & 
Co.,  calls  CobiT  “an  IT  governance 
tool”  to  help  IT  managers  understand 
what  controls  are  needed  and  how  to 
measure  the  effectiveness  of  those 
controls.  “There’s  an  audit  tool  that’s 
part  of  it,  so  that  auditors  can  audit 
against  those  same  criteria,”  he  adds. 

CobiT  takes  considerable  effort  to 
integrate  into  a  company’s  processes. 
“The  statements  in  CobiT  are  very 
generic,  so  we  had  to  turn  it  into 
‘Schwab-speak’  so  people  could  under¬ 
stand  it,”  Turcato  says.  “The  biggest 


challenge  was  getting  everyone  to  buy 
into  it.  What  we  had  to  do  is  determine 
who  are  the  appropriate  people 
throughout  the  technology  group  that 
own  these  controls  and  educate  them 
in  CobiT.” 

Lockheed  Martin  Corp.  has  four 
units  at  CMMI  Level  5.  It  also  uses  Six 
Sigma  and  ISO  9000  disciplines  in  var¬ 
ious  parts  of  its  IT  organization,  but 
CobiT  is  the  “umbrella  quality  frame¬ 
work,”  says  CIO  Joseph  R.  Cleveland. 
He  says  it  provides  useful  checklists  in 
each  of  its  four  domains. 

For  example,  he  says,  for  something 
as  simple  as  adding  the  BlackBerry  PDA 
to  the  company’s  catalog  of  approved 
devices,  CobiT  will  ask  whether  there’s 
help  desk  support  for  it,  whether  secu¬ 
rity  has  been  addressed,  whether  pro¬ 
cedures  are  in  place  to  acquire  and 
maintain  the  device  and  so  on. 

Cleveland  says  CobiT  fits  in  nicely 
with  CMMI,  with  CobiT  pinpointing 
the  need  for  certain  controls  and 
CMMI  putting  them  into  place.  Audi¬ 
tors’  questions  can  often  be  satisfied  by 
pointing  to  aspects  of  CMMI,  he  says. 


IT  Infrastructure 
Library  (ITIL) 


SPONSOR:  The  U  K 

Office  of  Government 
Commerce,  Pink  Ele¬ 
phant  Inc.  and  others. 

WHAT  IT  IS:  Best 
practices  for  IT  service 
management  and  opera¬ 
tions  (such  as  service-desk,  incident, 
change,  capacity,  service-level  and  secu¬ 
rity  management).  Especially  popular  in 
Europe. 


STRENGTHS:  Well  established,  mature, 
detailed  and  focused  on  IT  production 
and  operational  quality  issues.  Can  com¬ 
bine  with  CMMI  to  cover  all  of  IT. 


LIMITATIONS:  Doesn't  address  the  de¬ 
velopment  of  quality  management  sys¬ 
tems.  Not  geared  to  software  develop¬ 
ment  processes.  Use  is  highly  dependent 
on  interpretation. 

While  CMM  is  the  de  facto  quality 
standard  for  software  development 
processes,  ITIL  for  many  is  the  tool  of 
choice  for  the  operations  and  infra¬ 
structure  side  of  IT,  particularly  for  IT 
services. 

Capital  One  rolled  out  an  ITIL  pro¬ 
gram  for  internal  and  external  cus¬ 
tomers  in  2001  in  the  wake  of  very  rapid 
growth  accompanied  by  an  increasing 
number  of  “service  interruptions,”  says 
Gregory  Gannon,  vice  president  of  tech¬ 
nology  delivery.  By  2003,  Capital  One 
had  reduced  “production  incidents”  — 
such  as  system  crashes  and  software- 
distribution  errors  —  by  30%  and  had 
reduced  “business-critical”  or  “Severi¬ 
ty  1”  incidents  by  92%,  he  says. 

ITIL  tracks  problems  in  IT  service 
areas  such  as  help  desk,  applications 
support,  software  distribution  and  cus¬ 
tomer-contact  system  support,  and  it 
overlaps  CMM  in  certain  areas  such  as 
configuration  management.  For  exam¬ 
ple,  Gannon  says,  ITIL  tracks  the 
changes  made  to  operational  systems, 
but  the  quality  of  those  changes  —  in 
terms  of  the  number  and  severity  of 
problems  resulting  from  them  —  is 
more  a  CMM  metric. 

ITIL  facilitates  root-cause  analysis 
of  problems,  Gannon  says.  “We  used  to 
be  pretty  good  at  service  restoration, 
but  the  reason  we  had  to  do  so  much 
service  restoration  was  because  we 
were  restoring  service,  but  not  fixing 
the  problem,”  he  adds. 

ITIL  isn’t  a  substitute  for  ISO  9000, 
Gannon  says,  because  ISO  9000  is 


more  relevant  to  certification  of  proc¬ 
esses.  Capital  One  has  some  Six  Sigma 
efforts  under  way,  but  they’re  more  on 
the  business  side  of  the  house  than  on 
the  IT  side,  he  adds. 


Six  Sigma 


SPONSOR:  Developed 
by  Motorola  Inc. 

WHAT  IT  IS:  A  statis¬ 
tical  process-improve¬ 
ment  method  focusing 
on  quality  from  a  cus¬ 
tomer’s  or  user’s  point  of 
view.  Defines  service  levels  and  measures 
variances  from  those  levels.  Projects  go 
through  five  phases:  define,  measure,  ana¬ 
lyze,  improve  and  control.  The  Design  for 
Six  Sigma  variant  applies  this  method's 
principles  to  the  creation  of  defect-free 
products  or  services,  rather  than  the 
improvement  of  existing  ones. 


STRENGTHS:  A  data-driven  approach  to 
finding  the  root  causes  of  business  prob¬ 
lems  and  solving  them.  Takes  into  ac¬ 
count  the  cost  of  quality.  In  IT,  best  ap¬ 
plied  for  relatively  homogeneous,  repeat- 
able  activities  such  as  call  center  or  help 
desk  operations.  Design  for  Six  Sigma 
can  help  develop  good  software  specifi¬ 
cations. 


LIMITATIONS:  Originally  designed  for 
manufacturing  environments;  may  be  dif¬ 
ficult  to  apply  to  processes  that  aren’t  al¬ 
ready  well  defined  and  measurable.  Can 
improve  a  process  but  doesn’t  tell  you  if 
you  have  the  right  process  to  begin  with. 

LSI  Logic  Corp.  has  been  applying 
Six  Sigma  for  about  three  years  and  this 
year  will  begin  using  Design  for  Six  Sig¬ 
ma,  a  variant  it  feels  is  a  better  fit  for 
IT  environments.  “Traditional  Six  Sigma 
does  apply  to  some  areas  of  software 
development,  like  testing.  It  was  devel¬ 
oped  in  a  manufacturing  environment, 
where  there’s  a  high  volume  of  product,” 
says  Terry  Gowin,  director  of  quality  at 
Milpitas,  Calif.-based  LSI  Logic  Stor¬ 
age  Systems.  “But  software  develop¬ 
ment  varies  with  each  project  and  has 
much  longer  cycle  times.” 

Design  for  Six  Sigma  is  especially 
powerful  early  in  projects,  Gowin  says. 
“A  lot  of  its  focus  is  getting  the  require¬ 
ments  correct  upfront.  It  helps  to  real¬ 
ly  tighten  down  the  specifications,  so 
there  aren’t  surprises  later  on.” 

Design  for  Six  Sigma  and  CMM 
could  complement  each  other  nicely, 
says  Ron  Engelbrecht,  an  operations 

Continued  on  page  45 
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Network  Knowledge  at  Your  Fingertips. 

Grab  a  front  row  seat  as  some  of  today's  most  influential  experts 
delve  into  the  hottest  networking  issues  and  solutions. 


Network  Configuration 
Best  Practices 

Sponsored  by:  Voyence 

Watch,  listen  and  learn  as  experts 
offer  network  configuration  best 
practices. 

it's  not  about  network  security, 
its  about  secure  networks. 

Sponsored  by:  Enterasys 

Listen  as  experts  discuss  practical 
steps  to  reduce  costs  and  ensure 
interoperability  while  guaranteeing 
network  security. 

Advancements  in  Secure 
Remote  Access  Management 

Sponsored  by:  F5  Networks 

Discover  a  new  generation  of 
secure  remote  access  solutions  that 
provide  mobile  workers,  partners, 
and  contractors  24/7  access. 

Enforcing  Network  Security 
Layer  by  Layer 

Sponsored  by:  F5  Networks 

Learn  what  you  can  do  at  the 
application  level  and  device  level 
to  protect  your  organization. 

Myths  and  Realities  of  SSL  VPNs 

Sponsored  by:  Permeo 

Separate  fact  from  fiction  as 
experts  sort  out  the  advantages 
and  disadvantages  of  SSL  VPNs 
and  IPsec  based  VPN  solutions. 


WEBCAST  ROSTER 


Internal  Network  Security: 

New  Perspectives  and 
Technologies 

Sponsored  by:  Check  Point 
Software  Technologies  Ltd. 

Take  a  look  at  the  internal  security 
risks  and  vulnerabilities  within 
your  network,  and  best  practices 
to  address  them. 

Intelligent  SANS  for  Enterprise 
Business  Continuity 

Sponsored  by:  Cisco 

Hear  why  disaster  preparedness  is 
a  real-world  necessity  as  well  as 
explore  the  technologies  and 
solutions  that  enable  Business 
Continuity  alternatives. 

From  Structure  to  Chaos: 
Storage  Management  Secrets. 

Sponsored  by:  EMC 

Get  the  tools,  tactics  and  techniques 
you  need  to  gain  control  of  your 
multi-vendor  storage  environment. 

The  Components  of  a 
Successful  Information 
Lifecycle  Management  Strategy 

Sponsored  by:  EMC 

Learn  how  to  maximize  the  value 
of  your  information  while  meeting 
demanding  business  requirements 
across  diverse  applications, 
regulations,  user  needs  and 
corporate  policies. 


Secure  Mobility:  Anywhere, 
Anytime  Access  to  Converged 
Services 

Sponsored  by:  Nortel  Networks 

Organizations  with  freedom  to 
move  securely,  move  forward.  Mere 
convenience  is  being  supplanted 
by  multimedia  convergence.  And 
the  proactive  are  being  substantially 
rewarded  with  productivity  and 
savings.  Learn  how  converged  secure 
mobile  communications  can  seam¬ 
lessly  integrate  into  your  enterprise 
to  buiid  a  sustainable  competitive 
advantage. 

Secure,  Converged  Mobility  - 
Appropriate  Access  for  both 
Wired  and  Wireless 

Sponsored  by:  Hewlett-Packard 

Ever-increasing  security  concerns  and 
an  increasingly  mobile  workforce  are 
set  to  test  the  mettle  of  corporate  LAN 
infrastructures.  HP  ProCurve  secure 
mobility  solutions  provide  precise 
control  for  both  wired  and  wireless 
environments,  including  new  WLAN 
products  that  offer  state-of-the-art 
security. 
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What  Is  Six  Sigma, 
Anyway? 

(And,  what’s  wrong  with  Four  Sigma?) 


The  Greek  letter  sigma  (0)  is  the 

common  mathematical  abbreviation  for 
“standard  deviation,”  a  measure  of  how 
widely  the  outputs  from  a  process  vary 
from  the  mean.  Very  consistent  (that  is, 
high-quality)  processes  produce  outcomes 
that  are  very  close  to  the  mean,  producing 
a  small  sigma.  The  smaller  the  sigma,  the 
more  values  of  sigma  can  fit  between  the 
mean  and  some  acceptable,  user-speci¬ 
fied  quality  limit.  If  your  programming 
shop  operates  at  the  Four  Sigma  level, 
you  can  be  99.38%  certain  that  your 
code  is  “correct,"  where  correct  for  you 
means  that  every  million  lines  of  code  has 
6,210  or  fewer  errors. 

■■■ 

1  691,463  31 


6 


308,538 

66,807 

6,210 

233 

3.4 


69 

93 

99.38 

99.977 

99.9997 


Software  quality  expert  Watts 
Humphrey,  a  Software  Engineering  Insti¬ 
tute  fellow,  says  most  commercial  software 
ships  with  between  1,000  and  8,000  de¬ 
fects  per  million  lines  of  code,  or  Four  Sig¬ 
ma.  He  says  using  SEI  quality  disciplines 
will  improve  that  by  a  factor  of  100,  on  aver¬ 
age,  to  60  defects  per  million  lines,  or  Five 
Sigma. 

-GaryH.Anthes 

Continued  from  page  43 
general  manager  at  LSI  Logic.  “CMM  is 
more  of  an  assessment  tool  and  an  as¬ 
sessment  guide,  whereas  Design  for 
Six  Sigma  is  a  set  of  tools  designed  to 
help  you  improve  your  scores,  improve 
your  assessments.” 

At  J.P.  Morgan  Chase,  Six  Sigma  isn’t 
applied  directly  to  IT  processes,  but  it 
is  an  essential  starting  point  for  most 
IT  projects,  Ashworth  says.  “We  look 
at  business  processes  we  wish  to  im¬ 
prove  and  do  the  various  steps  in  Six 
Sigma  to  come  up  with  a  new  business 
process  model.  Once  you  know  what  it 
is  you  are  trying  to  do,  that’s  when 
CMM  comes  into  play.” 

Six  Sigma  could  be  applied  to  IT  op¬ 
erations  and  services,  he  says.  The 
bank  is  using  a  homegrown  quality 


framework  in  that  area  but  is  consider¬ 
ing  using  ITIL.  “Just  as  we  brought  the 
naming  conventions  and  the  assets 
that  are  created  in  Six  Sigma  and  CMM 
together  into  a  single  list  that  everyone 
can  understand,  we’d  add  ITIL  onto 
that,”  Ashworth  says. 


ISO  9000 

SPONSOR:  Interna¬ 
tional  Standards 
Organization 

WHAT  IT  IS:  A  set  of  _ 

high-level,  customer-ori¬ 
ented,  auditable  standards 
(ISO  9000, 9001  and  9004)  for  quality 
management  systems.  Intended  to  en¬ 
sure  control,  repeatability  and  good  docu¬ 
mentation  of  processes  (not  products). 

STRENGTHS:  Well  established,  mature. 
Enjoys  global  prestige.  Can  be  applied  en¬ 
terprisewide.  Can  cover  software  devel¬ 
opment  and  IT  operations  and  services. 

LIMITATIONS:  Requires  considerable 
adaptation  when  used  in  IT  organizations. 
Focuses  on  repeatability  and  consistency 
of  processes,  not  directly  on  the  quality  of 
those  processes.  Not  good  for  analyzing 
a  process  and  finding  root  causes  of 
problems. 

LSI  Logic  has  been  certified  in  ISO 
9000  since  1992.  It  also  uses  Six  Sigma 
and  Design  for  Six  Sigma.  “But  ISO  is 
the  broadest  quality  system  that  we 
use,”  Engelbrecht  says.  “It  applies  to 
manufacturing,  engineering,  market¬ 
ing,  sales  and  IT.” 

Design  for  Six  Sigma  focuses  on  in¬ 
dividual  projects  and  tries  to  fix  the 
problems  it  spotlights,  and  it  can 
“make  breakthrough  improvements,” 
Engelbrecht  says.  ISO  9000,  on  the 
other  hand,  aims  to  make  broad,  incre¬ 
mental,  year-to-year  quality  improve¬ 
ments  across  IT,  he  says.  These  im¬ 
provements  come  via  annual  ISO  9000 
audits  by  both  internal  and  external 
auditors,  he  adds. 

“ISO  9000  requires  you  to  define 
and  document  your  processes,  get 
them  measurable  and  monitor  them 
for  compliance  to  a  quality  standard,” 
says  LSI’s  Gowin.  “Six  Sigma  gives  you 
the  tools,  once  you  have  a  process  de¬ 
fined,  to  go  in  and  remove  the  varia¬ 
tion  in  the  process  to  make  the  output 
very  consistent.” 

Nortel  Networks  Ltd.  adheres  to  TL 
9000,  a  version  of  ISO  9000  tailored  to 
the  telecommunications  industry.  Its 
TL  9000  certification  applies  to  the 


company  as  a  whole,  but  quality  initia¬ 
tives  within  IT  support  the  certifica¬ 
tion,  says  Chris  Ashwood,  vice  presi¬ 
dent  for  product  development  solu¬ 
tions.  “TL  9000  has  taken  ISO  9000  a 
step  further  in  really  recognizing  the 
importance  of  IT  to  the  development 
of  products,”  he  says. 

The  Brampton,  Ontario-based  com¬ 
pany’s  IT  shop  has  a  well-defined  set 
of  priorities  that’s  updated  every  six 
months,  a  scorecard  for  every  project 
and  a  strict  management  process  for 
tracking  accountability,  says  Nortel 
CIO  Albert  Hitchcock.  “That  very 
clearly  aligns  with  the  ISO  approach  — 
doing  what  you  say  you  are  going  to 
do,  tracking  accountability  and  docu¬ 
menting  the  process,”  he  says. 


Malcolm  Baldrige 
National  Quality 
Program 

SPONSOR:  National 
Institute  of  Standards 
and  Technology,  U.S. 

Department  of  Com¬ 
merce 

WHAT  IT  IS:  A  high-level  framework  for 
quality  in  seven  areas:  company  leader¬ 
ship,  strategic  planning,  customer  and 
market  focus,  information  and  analysis, 
human  resources,  process  management 
and  business  results.  Rates  each  of 
these,  in  terms  of  approach,  execution 
and  results,  on  a  scale  from  0  to  100. 

STRENGTHS:  Very  broad,  holistic  scope. 
Can  be  used  by  any  organization.  Can  sit 
on  top  of  other,  more  focused  IT  quality 
programs. 


LIMITATIONS:  Doesn’t  address  process 
details;  doesn't  say  how  to  achieve  quali¬ 
ty.  Doesn't  directly  address  IT  processes 
and  issues. 

Motorola  is  a  big  user  of  CMM,  and 
it  invented  Six  Sigma  20  years  ago.  But 
more  recently,  it  has  embraced  the 
Baldrige  quality  program.  The  compa¬ 
ny  won  a  Baldrige  award  in  1988,  and  in 
2002,  its  Commercial,  Government  and 
Industrial  Solutions  Sector  (CGISS) 
unit  won  the  award  in  the  manufactur¬ 
ing  category. 

In  1999,  CGISS  did  a  self-assessment 
against  the  Baldrige  criteria  and  scored 
just  399  out  of  1,000  possible  points. 

“It  was  a  huge  opportunity,”  says  Mark 
Hurlbert,  director  of  business  process¬ 
es  in  CGISS’s  Office  of  Business  Excel¬ 
lence.  “We  established  this  office  to  re¬ 
ally  tie  what  are  the  right  things  to  do 
[in  the  Baldrige  program]  with  doing 
them  the  right  way  [Six  Sigma].” 

The  company  assigned  each  of  the 
Baldrige  domains  to  a  senior  manager. 
For  example,  process  management 
went  to  a  supply  chain  manager,  cus¬ 
tomer  and  market  focus  went  to  a 
sales  and  marketing  manager,  and  in¬ 
formation  and  analysis  went  to  the 
CGISS  division’s  CIO.  Each  of  these 
managers  has  his  own  “balanced  score- 
card”  with  strategic  objectives  and  an¬ 
nual  initiatives  to  support  those  objec¬ 
tives.  For  example,  the  CIO  this  year 
has  a  strategic  objective,  “to  serve  cus¬ 
tomers  better,”  and  a  specific  project 
aimed  at  that:  to  standardize  the  tools 
and  databases  in  call  centers. 

Having  chartered  a  course  via 
Baldrige,  CGISS  is  using  Six  Sigma  to 
drive  the  ship,  Hurlbert  says.  In  2002, 
CGISS  boosted  its  Baldrige  score  from 
399  to  between  650  and  750,  more  than 
enough  to  win  the  prize.  O  44933 
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JUST  A  LITTLE  BIT  LONGER 


You  could  head  off  a  looming 
IT  skills  shortage  with  creative 
use  of  retiring  baby  boomers. 


Q&A 


The  retirement  of  baby  boomers  will 
bring  a  number  of  workforce  challenges, 
including  a  shortage  of  the  kind  of  IT 
skills  that  can’t  be  outsourced.  In  the 
March  issue  of  Harvard  Business 
Review,  Tamara  Erickson  and  Bob 
Morison  of  The  Concours  Group,  a 
consulting  and  research  firm  in 
Kingwood,  Texas,  along  with  co¬ 
author  Ken  Dychtwald,  suggest 
that  there’s  a  pool  of  workers  who 
are  ready,  willing  and  able  to  fill 
the  gaps.  Erickson  and  Morison 
explained  to  Kathleen  Melymuka 
how  harnessing  this  resource  will 
have  profound  implications  for  the  way  we  view  work. 

You  make  some  startling  points  about  the  decline  in  the  rate 
of  U.S.  workforce  growth.  What  problem  will  companies  be 
facing  over  the  next  decade  or  so?  ERICKSON.  The  problem 
is  demographics  —  the  combination  of  decline  in  birth¬ 
rate  and  baby-boomer  bulge.  There  are  not  enough 
younger  workers  to  come  in  and  take  their  place. 
MORISON:  The  Bureau  of  Labor  Statistics  says  that 
the  U.S.  will  be  10  million  workers  shy  by  2010,  but 
more  important,  there  will  be  a  skills  shortage,  be¬ 
cause  if  the  baby  boomers  were  to  retire  on  schedule 
and  en  masse,  there  aren’t  enough  younger  workers 
up  to  speed  to  take  their  place. 

It’s  hard  to  believe  this  will  be  a  problem  in  the  IT  world,  where 
so  many  companies  have  cut  back  workforces  and  outsourced 
jobs,  leaving  countless  skilled  IT  workers  unemployed.  ERICK¬ 
SON:  IT  is  interesting.  It’s  tough  to  predict  how  it  will 
shake  out  due  to  immigration  —  a  big  variable  in  look¬ 
ing  at  any  demographic  pattern  —  and  outsourcing, 
which  hits  the  IT  sector  most  particularly.  But  even 
there,  shortages  are  still  predicted.  A  recent  study  of 
government  agencies  showed  75%  will  face  shortages 
of  qualified  IT  staff  in  the  next  three  to  four  years. 
MORISON:  There  are  two  species  of  IT  workers:  those 
involved  in  the  technology,  and  those  who  have  to 
know  about  the  business  and  how  applications  are 
going  to  support  business  processes.  Those  on  the 
more  applied  side  are  the  ones  who  tend  to  be  more 


experienced,  and  IT  organizations  are  going  to  see 
skills  gaps  as  those  people  leave  the  workforce.  By 
definition,  those  jobs  can’t  be  outsourced. 

What  approaches  should  companies  take  to  recruit  and  retain 
the  right  people  over  the  next  few  decades?  ERICKSON: 

Make  human  resource  practices  more  friendly  to  ma¬ 
ture  workers.  Put  in  place  flexible  retirement  pack¬ 
ages  that  allow  people  to  phase  out  rather  than  drop 
off  a  cliff.  Look  for  creative  ways  to  recruit  popula¬ 
tions  other  than  the  young.  Struc¬ 
ture  health  care  and  pension  cov¬ 
erage  to  allow  people  to  phase  out 
in  a  more  gradual  way. 


IT  is  a  fast-moving,  high-pressure,  fu¬ 
ture-oriented,  young  person’s  game. 
Can  older  people  cut  the  mustard?  And 
even  if  they  can,  wouldn’t  a  large  cadre 
of  older  workers  be  bad  for  a  company’s 
image?  MORISON:  If  we  were  to 
have  this  discussion  five  years  from  now,  that  might 
seem  a  strange  question  to  ask,  because  companies 
will  have  a  larger  mix  of  mature  employees.  We’ve 
just  passed  the  historical  low  point  in  those  over  55  in 
the  workforce.  It  was  just  over  10%  in  the  year  2000, 
and  by  2010  it  will  be  20%.  Corporations  will  learn 
what  Madison  Avenue  is  finally  learning.  Even  Gap 
jeans  ads  now  feature  a  generational  mix. 


Workforce  Growth,  2i  1-2010 


The  government  predicts  a  big  jump  in  the  number  of 
older  workers  in  the  U.S.  workforce  in  this  decade. 


ERICKSON:  Lots  of  older 
people  have  very  strong 
IT  skills.  If  a  company 
created  an  image  of 
wanting  to  tap  into 
those  skills,  it  might 
skim  the  cream  off  the  c: 
of  capabilities. 


THEY’RE  ALREADY  GONE 

When  the  economy  improves,  your  top 
IT  talent  may  be  headed  out  the  door: 
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and  attract  a  very  rich  set 


What  about  workplace  rules?  Are  certain  work  arrangements 
more  likely  to  attract  older  workers?  MORISON:  Let  the  lo¬ 
cation  and  timing  of  work  be  as  flexible  as  is  needed 
to  let  employees  achieve  a  reasonable  work/life  bal¬ 
ance.  That’s  something  that  we  heard  from  all  age 
groups.  But  mature  workers,  especially  those  who  are 
retired,  can  call  their  own  shots.  They  want  to  travel 
and  pursue  other  avocations.  So  flextime  is  especially 
important  as  a  foundation  for  flexible  retirement. 


What  is  flexible  retirement?  ERICKSON:  The  basic  idea  is 
to  give  people  the  ability  to  avoid  that  abrupt  clifflike 
departure,  to  enable  them  to  continue  a  working  rela¬ 
tionship  for  many  years  past  traditional  retirement 
age,  whether  through  contract  work  or  employment 
that  phases  into  part  time  over  time.  MORISON:  It’s  a 
very  pragmatic  matter:  Businesses  need  skills  as  the 
baby  boomer  generation  retires  and  there  are  not 
enough  to  make  up  for  that  brain  drain.  Many  mature 
people  need  to  work,  and  others  want  to  because  they 
enjoy  the  action,  but  on  their  own  terms  and  not  full 
time.  It’s  a  natural  match. 


Aren’t  there  problems  with  health  and  retirement  benefits  in 
this  type  of  arrangement?  MORISON:  It’s  a  lot  easier  to 
bring  people  back  who  have  already  retired  than  to 
structure  a  gradual  phase-out.  ERICKSON:  Many  retire¬ 
ment  plans  operate  on  the  concept  of  some  multiple  of 
the  last  few  years  you  work.  Those  need  to  be  restruc¬ 
tured  so  people  don’t  pay  a  penalty  for  phasing  out. 

What  about  the  concern  that  older  workers  may  be  burned  out 
-  just  going  through  the  paces  until  retirement?  ERICKSON: 
Burnout  is  both  a  reality  and  a  myth.  There  is  no 
question  that  we’re  seeing  a  lot  of  burnout  at  the  mid¬ 
career  point.  And  some  of  those  you  want  to  retire. 
But  our  research  shows  that  many  people  are  not 
burned  out  per  se;  they’re  just  not  engaged.  In  fact, 
they’re  craving  more  connection.  So  the  question  for 
corporations  is  how  to  grab  hold  of  these  people  and 
recapture  that  sense  of  engagement  before  they  drift 
off.  We  think  training  and  learning  can  have  a  very 
important  role  in  that  re-engagement  process. 

Can  this  approach  succeed  in  an  IT  setting  where  workers 
have  to  keep  their  skills  sharp  and  up  to  date?  MORISON: 

Why  not?  People  often  jump  on  opportunities  to 
learn  new  things.  When  retirees  return,  one  of  the 
main  motivations  is  to  keep  learning.  Don’t  assume 
that  people  can’t  hack  it.  There  is  a  growing  popula¬ 
tion  of  skilled  workers  becoming  available,  and  we 
should  take  advantage  of  them.  ©  44897 


Melymuka  is  a  Computerworld  contributing  writer. 
She  can  be  reached  at  kmelymuka@yahoo.com. 


This  is  the  latest  in  a  series  of  monthly  discussions  with  Harvard 
Business  Review  authors  on  topics  of  interest  to  IT  managers. 
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Middleware  is  Everywhere 


MIDDLEWARE  IS  IBM  SOFTWARE.  Powerful  software 
like  Tivolif  DB2®  and  WebSphere®  Open,  behind-the-glass 
technology  that  can  automate  it  all  -  IBM,  Microsoft!8  Oracle, 
Sun.  Problems  are  foreseen  and  solved  before  they  occur. 
IT  resources  are  directed  to  core  business  needs.  Costs  are 
significantly  reduced.  It’s  automation.  On  demand.  And  it's 
what  keeps  companies  and  customers  happy.  Very  happy. 
(e>  business  on  demancTat  ibm.com/software/automate 


1.  Automatic  overview  of  operation 

2.  Automatic  shipping  of  sale. 

3.  Automatic  identity  verification. 

4.  Automatic  updating  of  inventory. 

5.  Automatic  tracking  of  delivery. 


iilSIM 


Middleware 


IBM.  DB2,  Tivoli.  WebSphere,  the  e-business  logo  and  e-business  on  demand  are  registered  trademarks  or  trademarks  of  International  Business  Machines  Corporation  in  the  Ignited 
States  andfor  other  countries. Microsoft  is  a  registered  trademark  of  Microsoft  Corporation  in  the  United  States  and/or  other  countries.  Other  company,  product  and  service  names 
may  be  trademarks  or  service  marks  of  others  2003  IBM  Corporation  All  rights  reserved  .- ,  T,  '  ■  -  v  A 
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James  Ditmore 

Title:  Chief 
technology  officer, 
infrastructure  and 
operations 

Company  BankOne 
Corp.,  Chicago 

What  he  does:  Dit¬ 
more  joined  BankOne 
in  2001,  the  year  the 
S270  billion  bank  holding  company 
adopted  its  ongoing  IT  insourcing  strat¬ 
egy,  after  jettisoning  a  $1.4  billion  out¬ 
sourcing  deal  with  AT&T  Corp.  and 
IBM.  In  the  past  two  years,  BankOne 
has  hired  more  than  2,100  IT  profes¬ 
sionals,  at  a  time  its  competitors  were 
reducing  head  count  and/or  sending 
IT  jobs  offshore.  Ditmore,  formerly 
CIO  at  Ameritrade  Holding  Corp.,  hired 
many  of  these  new  IT  employees  into 
his  group. 


What  specific  IT  skills  have  you  been  hiring? 
Where  is  your  greatest  need  for  IT  profes¬ 
sionals?  We’ve  been  hiring  IT  skills  pretty  much 
across  the  board,  with  a  large  number  of  indi¬ 


viduals  hired  into  infrastructure  and  operations. 

I  would  say  the  greatest  need  has  been  applica¬ 
tion  development,  specifically  people  with 
[IBM]  WebSphere,  database  and  Internet 
development  skills. 

Experts  say  business-specific  knowledge 
makes  an  IT  professional  all  the  more  valu¬ 
able.  What  can  workers  in  IT  do  to  learn 
more  about  the  company’s  operations  out¬ 
side  of  IT?  If  you  [support]  a  brokerage,  for 
example,  there  are  a  number  of  certifications 
you  can  get.  You  can  also  become  a  certified 
financial  planner.  There’s  a  lot  of  [financial  ser¬ 
vices]  industry-specific  training  available  at  lo¬ 
cal  community  colleges  and  through  industry 
associations. 

What,  in  your  opinion,  are  the  kinds  of  jobs 
most  likely  to  be  outsourced?  Application 
maintenance. 

What  are  the  jobs  least  likely  to  be  out¬ 
sourced?  Unix  administration,  because  the 
servers  are  here  in  the  U.S.  It’s  not  absolutely 
necessary,  but  you  typically  have  your  Unix  en¬ 
gineers  where  your  servers  are.  These  servers 
aren’t  likely  to  move  offshore  because  then 
you  run  into  significantly  more  risk  and  more 
regulatory  issues,  and  you  introduce  application 
latency  that  you  might  not  otherwise  have. 

-Julia  King 


Where  the  IT  Jobs  Are: 

Spring  2004  Hiring  Outlook 


Of  more  than  1,400  CIOs  surveyed  across  all  industries,  11%  plan  to  hire  IT  personnel  and  2%  plan  to 
decrease  current  IT  staff  during  the  second  quarter.  CIOs  in  the  retail  sector  are  the  most  optimistic, 
with  17%  of  them  expecting  to  hire  and  2%  planning  to  cut  IT 
staff.  The  15%  net  increase  is  six  percentage  points  above 
the  national  average  for  all  industries. 


Manufacturing 


Professional  services 


Wholesale 


Business  services 


Transportation 


Construction 


Skills  in  Demand 
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Windows  administration  (NT/  2000/XP) 

79% 

SQL  Server  administration 

39% 

Cisco  network  administration 

34% 

26% 

Visual  Basic  development 

25% 

Active  Server  Page  development 

.Net  development 

1?%  I 

Linux  administration 

k. _ ; _ _ _ _ _ _ _ _ _ - _ _ _ . _ _ _ _ _ - _ _ _ _ _ _ 

15% 

SB  is  wH  -  :  91  fli  9 

SOURCE:  ROBERT  HALF  TECHNOLOGY  INC,,  MENLO  PARK,  CALIF. 


Passport  to  Advanced  IT  Training 


METLIFE  INC.,  Allstate  Corp. 
and  Citigroup  Inc.’s  Citi  Card 
unit  are  among  the  U.S.  com¬ 
panies  earmarked  to  receive 
federal  dollars  to  provide 
high-level  training  to  U.S. 


workers  for  IT  jobs  now  held 
by  foreign  workers  employed 
in  the  U.S.  under  II-1B  visas. 
Under  a  $6  million  grant, 
which  will  be  administered 
by  the  Computing  Technol¬ 


ogy  Industry  Association, 
a  global  trade  association, 
more  than  2,600  American 
IT  workers  in  12  states  will 
receive  advanced  IT  job 
training  in  the  coming 


months.  Allstate  will  train 
907  incumbent  IT  workers  in 
Illinois,  Ohio  and  Texas  in 
systems  administration,  pro¬ 
gramming  and  Web  applica¬ 
tions.  MetLife  will  train  600 
Web  designers,  Web  develop¬ 
ers,  network  architects  and 
application  developers  —  all 
jobs  that  have  been  typically 


filled  by  H-1B  workers,  ac¬ 
cording  to  the  company.  To 
learn  more  about  the  H-1B 
training  grants,  which  are 
supported  by  user  fees  paid 
by  employers  who  hire  IT 
professionals  under  the  H-1B 
visa  program,  go  to  www. 
doleta.gov.  ©  44944 

—Julia  King 


Can  you  see  it? 


Middleware  is  Everywhere 


MIDDLEWARE.  It's  what  on  demand  business  demands. 
And  middleware  is  IBM  software  like  DB2?  Lotus?  Rational® 
and  WebSphere®  that  develops,  integrates  and  manages  your 
applications  and  systems.  Everything  is  efficient.  Seamless. 
Across  the  board.  Across  platforms.  Microsoft®  Oracle.  Sun. 
You  name  it.  IBM’s  open  middleware  can  connect  it.  It’s  instant 
business  benefit.  Instant  customer  satisfaction.  On  demand. 
(e)  business  on  demand™  Go  to  ibm.com/software/integrate 


1.  Instantly  admitting  patient. 

2.  Immediately  processing  claim. 

3.  Automatically  approving  procedure 

4.  Constantly  tracking  treatment. 

5.  Directly  assessing  costs. 


IBM  082  Lotus  WebSphere  the  e-business  logo  and  e-business  on  demand  are  registered  trademarks  or  trademarks  of  International  Business  Machines  Corporation  in  the  ■ 
United  States  and/or  other  countries.  Rational  is  a  trademark  of  International  Business  Machines  Corporation  and  Rational  Software  Corporation  in  the  United  States,  other 
countries  or  both  Microsoft  is  a  registered  trademark  of  Microsoft  Corporation  in  the  United  States  and/or  other  countries.  Other  company,  product  and  service  names  may  be 
trademarks  or  service  marks  of  others.  2003  IBM  Corporation  All  rights  reserved. 
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A.G.  Edwards  Cuts 
138  IT  Staffers 

St.  Louis-based  securities  broker¬ 
age  A.G.  Edwards  &  Sons  Inc. 
recently  announced  that  it’s  cut¬ 
ting  about  138  workers  from  its  IT 
department.  Approximately  100 
of  those  employees  will  be  hired 
by  Kanbay  Inc.,  a  Rosemont,  III.- 
based  IT  services  firm  that’s  help¬ 
ing  A.G.  Edwards  upgrade  its  se¬ 
curities  processing  and  IT  sys¬ 
tems.  Another  38  IT  employees 
accepted  severance  packages. 
About  1,200  IT  professionals  will 
remain  employed  at  A.G.  Ed¬ 
wards’  St.  Louis  headquarters. 


Supervalu  Revises 
Data  Warehouse 

Supervalu  Inc.,  a  major  U.S.  gro¬ 
cery  chain  based  in  Eden  Prairie, 
Minn.,  recently  upgraded  its  data 
warehouse  to  consolidate  multi¬ 
ple  account-reporting  and  cate¬ 
gory  management  systems  into  a 
single  source  of  information,  so 
business  users  will  have  informa¬ 
tion  to  quickly  respond  to  market 
changes.  The  data  warehouse, 
from  Teradata,  a  Dayton,  Ohio- 
based  unit  of  NCR  Corp.,  helps 
managers  make  real-time  deci¬ 
sions  on  product  assortment, 
pricing,  merchandising  and  pro¬ 
motions  based  on  the  potential 
effect  on  sales  or  profit. 


Bank  Awards  AT&T 
Voice/Data  Pact 

New  York  Community  Bank 
recently  awarded  AT&T  Corp. 
an  S8.8  million  contract  for  local 
and  long-distance  voice  and 
data  services  that  will  create  a 
WAN  linking  139  branches.  AT&T 
will  also  provide  high-speed 
Internet  connectivity.  The  West- 
bury,  N.Y.-based  bank  said  it 
expects  the  network  to  provide 
smoother  teller  transactions, 
faster  loan  processing  and  ap¬ 
provals,  and  improved  branch- 
to-branch  communications. 

New  York  Community  Bank  esti¬ 
mates  that  under  the  contract, 
it  will  save  more  than  S2  million 
over  the  next  four  years. 


BART  PERKINS 


The  Peanut  Butter 
Syndrome 


THE  RECESSION  has  FORCED  most  IT  orga¬ 
nizations  to  cut  their  budgets,  projects  and 
staffs.  Companies  often  believe  that  by 
putting  all  IT  expenses  into  a  single  budget 
and  squeezing  that  budget  hard  enough,  they  can  force 
total  IT  expenditures  down  to  some  arbitrarily  prede¬ 
termined  level.  But  IT’s  purpose  is  to  enhance  business 


productivity.  If  the  central 
IT  budget  is  overly  con¬ 
strained,  the  business  units 
will  bury  IT  costs  in  their 
own  budgets. 

The  result  is  the  “peanut 
butter  syndrome.”  If  you 
hold  a  lump  of  peanut  but¬ 
ter  in  your  hands  and 
squeeze  it  hard  enough, 
eventually  some  of  the 
peanut  butter  will  squish 
out  between  your  fingers. 

Similarly,  when  the  central 
IT  budget  is  squeezed  too 
tightly,  IT  spending  will 
spill  into  other  budgets. 

Many  business  units  still 
have  unique  IT  needs  that 
must  be  met  in  order  to  im¬ 
prove  business  results.  Unfortunately, 
as  a  result  of  the  retrenching  of  the 
past  few  years,  the  CIO  often  doesn’t 
have  the  staff  or  budget  to  fulfill  those 
needs,  and  many  business  units  no 
longer  view  central  IT  as  their  partner. 
As  the  economy  grows  and  business 
units  have  more  discretionary  dollars, 
peanut  butter  IT  will  expand.  Business 
units  are  doing  end  runs  around  the 
central  IT  organization,  buying  hard¬ 
ware  as  “plant  and  equipment,”  and 
hiring  IT  consultants  and  technical 
staffers  as  “analysts.”  Meanwhile,  ar¬ 
chitectural  standards  are  compro¬ 
mised,  the  total  cost  of  IT  is  under¬ 
reported,  and  the  perception  of  IT’s 
usefulness  is  undermined. 

In  most  organizations,  it’s  unrealis¬ 


tic  to  expect  to  be  totally 
peanut-butter-free.  But 
peanut  butter  is  sticky, 
messy  and  hard  to  remove. 
Help  prevent  the  spread  of 
peanut  butter  syndrome  by 
taking  the  following  steps: 

■  Understand  the  business 
units’  challenges.  Even  if  you 
don’t  have  the  budget  to 
start  new  development 
projects,  you  need  to  un¬ 
derstand  each  business 
unit’s  problems  and  help  it 
get  the  IT  support  it  needs. 
If  possible,  help  the  unit 
build  a  business  case.  In 
the  process,  you  may  joint¬ 
ly  discover  a  way  to  meet 
its  needs  through  an  exist¬ 
ing  system.  In  any  event,  the  business 
case  will  help  it  more  clearly  articulate 
its  needs,  as  well  as  identify  any  re¬ 
engineering  required  to  make  the  new 
system  successful. 

■  Help  the  business  units  creatively  trans¬ 
form  peanut  butter  projects  into  official  proj¬ 
ects.  One  of  my  firm’s  clients  had  to  lay 
off  IT  staff  when  her  development 
budget  was  severely  cut.  Six  months 
later,  a  business  unit  created  a  com¬ 
pelling  business  case  for  a  new  proj¬ 
ect.  Although  the  CIO  agreed  that  it 
was  desirable,  she  didn’t  have  enough 
staff  to  undertake  the  project.  Working 
with  the  business  unit,  she  selected  a 
systems  integration  firm  that  had  suc¬ 
cessfully  worked  with  IT  before  — 
with  the  explicit  understanding  that 


Louisville,  Ky.,  which 
helps  CIOs  manage  their 
IT  suppliers.  He  was  CIO 
at  Tricon  Global 
Restaurants  Inc.  and 
Dole  Food  Co.  Contact 
■  him  at  BartPerkins® 
LeveragePartners.com. 


the  firm  would  follow  IT’s  architectur¬ 
al  standards.  The  CIO  also  assigned  an 
architect  and  a  project  manager  from 
her  staff  to  oversee  the  project.  The 
business  unit  paid  for  the  project  and 
got  the  desired  software.  The  CIO  was 
able  to  select  a  preferred  vendor, 
maintain  architectural  integrity  and 
win  the  business  unit’s  gratitude. 

■  Detect  peanut  butter  projects  before  a 
vendor  is  chosen.  Ask  your  vendors  to 
tell  you  about  any  potential  peanut 
butter  projects.  (They  often  hear  about 
them  before  you  do.)  In  return,  en¬ 
courage  business  units  to  use  existing 
strategic  vendors  in  order  to  preserve 
architectural  integrity. 

■  Integrate  the  IT  chart  of  accounts  into 
the  corporate  chart  of  accounts.  Few  orga¬ 
nizations  make  IT  expenditures  ex¬ 
plicit  in  their  COAs,  which  makes  it 
easy  for  business  units  to  bury  IT 
spending  in  “analysis”  or  other  pro¬ 
jects.  If  spending  gets  diffused 
throughout  the  organization,  it  be¬ 
comes  much  harder  to  aggregate  IT 
spending  and  negotiate  with  vendors 
the  next  time  you  need  price  conces¬ 
sions.  Vendors  negotiate  on  quantity 
purchased,  regardless  of  whether  the 
dollars  come  from  IT  or  elsewhere. 

The  peanut  butter  syndrome  has  be¬ 
come  increasingly  prevalent  over  the 
past  few  years.  As  it  grows,  it  compro¬ 
mises  the  integrity  of  your  architec¬ 
ture,  undermines  your  negotiating 
power,  marginalizes  the  central  IT  or¬ 
ganization  and  makes  effective  suppli¬ 
er  management  nearly  impossible. 
Controlling  the  peanut  butter  syn¬ 
drome  gives  you  leverage  over  total  IT 
spending  and  protects  your  architec¬ 
ture,  while  building  bridges  between 
the  IT  organization  and  the  business 
units  and  your  vendors.  ©  44892 

WANT  OUR  OPINION? 

OFor  more  columns  and  links  to  our  archives,  go  to 

www.computerworld.com/opinions 


storage  solution 
d  it’s  worthy 
f  an  award? 

Nominate  it  for  the  Storage  Networking  World 
“Best  Practices  in  Storage  Awards  Program!” 
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Endorsed  by 


Computerworld,  in  conjunction  with  the  Storage  Networking  Industry  Association  (SNIA)  and 
Storage  Networking  World  (SNW),  is  seeking  IT  user-organization  case  study  submissions 
for  consideration  and  recognition. 

This  program  will  evaluate,  select  and  recognize  ten  Storage  Technology  “Best  Practices” 
based  on  case  studies  highlighting  successful  or  noteworthy  solution  implementation 
projects  and  deployments  in  the  following  categories: 

•  Systems  Implementation 

•  Storage  Reliability  and  Data  Recovery 

•  Data  Lifecycle  Management 

•  Industry  Regulation  Compliance  and  Corporate  Governance 

•  Innovation  and  Promise 


Nominations  are  welcomed  from  IT  Users/lmplementers;  Systems  Integrators/Consultants:  IT  vendors  on  behalf  of  customers,  or, 
their  own  In-House  Deployment;  and  PR  firms  on  behalf  of  clients.  Multiple  submissions  of  case  studies  describing  different  deployments 
per  company/organization  will  be  considered. 

Winners  will  be  featured  in  a  Computerworld  special  advertising  supplement  profiling  the  company  and  submitted  case  study. 


Submit  your  nomination  today!  The  deadline  is  Tuesday,  March  9th  at  9:00pm  Eastern  time. 

Complete  the  nomination  form  at:  snwusa.com/best.practice_storage.html 
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Project  Manager:  Duties  include: 
Plan,  direct,  and  coordinate 
activities  of  complex  web  appli¬ 
cation  projects  for  both  in-house 
systems  and  outfacing  e-com- 
merce  marketing  and  business 
applications.  PM  will  identify 
business  targets  and  opportuni¬ 
ties  for  insurance  products  and 
financial  services;  design  and 
coordinate  development  of  web 
applications  for  target  markets; 
and  maintain,  troubleshoot  and 
enhance  existing  business  web 
applications.  PM  will  use  strong 
understanding  of  business  oper¬ 
ations  management,  financial 
and  marketing  communications 
theory  along  with  a  working 
knowledge  of  computer  systems 
design,  web  based  applications 
development,  programming 

tools  to  develop  e-commerce 
solutions  for  financial  and  insur¬ 
ance  products.  Daily  duties  may 
include:  review  and  formulate 
systems  scope  and  project 
objectives;  identify  role  and 
function  of  each  team  member; 
effectively  coordinate  the  activi¬ 
ties  of  the  team  and  project; 
identifying  appropriate  resource 
required;  communicate  and  con¬ 
sult  with  programmers,  systems 
analyst,  database  developers; 
create  and  review  status  reports; 
coordinate  project  activities  with 
activities  of  government  regula¬ 
tory  or  other  governmental 
agencies  where  required.  Min. 
Reqt's:  BS/BA  (foreign  equiva¬ 
lent  accepted)  in  Business, 
Marketing,  Operations  Manage¬ 
ment  or  MIS  and  2  yrs  experi¬ 
ence  in  job  offered  or  a  related 
occupation  (i.e.  e-commerce 
project  management  or  market¬ 
ing  communications  experi¬ 
ence).  MUST  also  possess:  (1) 
Demonstrated  experience  with 
Marketing  communications  pro¬ 
jects  involving  insurance  and 
financial  services  and  products; 
(2)  Strong  working  knowledge  of 
general  computer  systems 
design,  web  application  design, 
database  structure,  and  pro¬ 
gramming;  and  (3)  Dem¬ 
onstrated  knowledge  and  expe¬ 
rience  using  marketing,  finance 
and  iterative  project  manage¬ 
ment  methodologies  and  con¬ 
cepts  for  developing  e-com¬ 
merce  web  applications.  Basic 
pay  is  $80,404  per  year  FT  and 
standard  company  benefits. 
EEO.  Submit  2  resumes  and 
respond  to  Case  No.  2002- 
03499,  Division  of  Career 
Services,  Alien  Labor 

Certification  Unit,  19  Staniford 
Street,  1st  Floor,  Boston,  MA 
02114. 

IS  SYS.  STAFF  ANALYST 

Apply  knowledge  of  Siebel  prog, 
techniques  &  comp.  sys.  to  plan, 
dvlp,  test,  implement  &  docu¬ 
ment  comp,  progs.  Eval.  user 
requests  for  new  or  modified 
progs.  Make  site  visits  to  gather 
info.  &  analyze  sys.  reqmnts. 
Consult  w/users  to  identify  oper¬ 
ating  procedures,  clarify  pro¬ 
gram  objectives  &  leverage  fun¬ 
ctionality  of  Siebel  software  to 
address  critical  reqmnts.  Apply 
knowledge  of  industry  best-prac¬ 
tices  while  configuring  the  Sieb¬ 
el  software  &  dsgng  enhance¬ 
ments  to  optimize  processes. 
Utilize  all  components  of  Siebel 
dvlpmnt  environment  to  combine 
pre-dvlpd  software  objects  with 
customized  programming  to 
generate  applns  that  are  highly 
integrated  with  Siebel  sys.  Over¬ 
see  installation  of  hardware  & 
software.  Train  &  provide  tech, 
support  to  users  of  Siebel  prog. 
Monitor  performance  of  sys. 
after  installation.  Carry  out  pro¬ 
gramming,  debugging  &  trou¬ 
bleshooting,  as  well  as  complete 
description  code  of  IDOC  & 
BARI  Excel  based  on  SAP  R/3, 
Master's  deg.  in  Project,  Constr. 
or  IS  Mgmt  or  Comp.  Sci.  reqd  + 
2  yrs  exp.  in  position  offered  or 
in  Comp.  Sci.,  Bus.,  Constr. 
Mgmt  or  Math.  Must  have  exp. 
converting  applns  to  SAP  R/3 
software  (incl.  CO,  HR,  PP,  PI, 
MM  &  SD  modules)  utilizing 
Oracle,  ABAP/4,  BAPI  Excel  & 
Siebel  7/2000  computer  tools). 
High  mobility  preferred.  40  hrs/ 
wk,  OT  as  reqd,  Sam  -  5pm, 
$68,000/yr.  Qualified  applicants 
submit  resumes  to:  Fayette 
County  CareerLink,  Attn:  Caree- 
rLink  Program  Supervisor,  135 
Waylan  Smith  Drive,  Uniontown, 
PA  15401.  Please  refer  to  Job 
Order  No.  396465. 

PM  software  projs.  -  Java,  C++, 
VB,  ASP,  PB,  Oracle,  Sybase. 
Utilize  RUP.  Critique  codes  in 
J2EE  (EJB,  JMS,  JNDI),  & 
OOAD.  Full  life  cycle  dev.:  sys¬ 
tem  anal.,  concept,  design,  pro¬ 
totype,  document,  implement, 
coordinate,  plan,  code,  test, 
budget  &  estimate.  Create/ 
maint.  proj.  plan  of  tasks/  sched¬ 
ule.  Interface  w /  client,  updates, 
&  channel  all  new  reqs./  change 
requests  to  develop,  team. 
Budget  Ctrl.,  bills  &  collection. 
Present  resource  issues,  perf., 
client  concerns  &  status  to  inter¬ 
nal  mgmt.  Get  client's  b/z 

needs,  build  prof,  relationships, 
&  new  sales.  Comply  w/  SEI 
CMM  Level  5  QA  guide.  BS  in 
Comp.  Apps  +  5  yrs.  exp.  in  job 
duties  +  3  yrs.  QA  exp.  in  SEI 
CMM  level  5.  Comp,  salary. 
Apply:  Core  Concept,  1000 
Abernathy  Rd.,  #1010,  Atlanta, 
GA  30328  with  proof  of  perm. 
Work  authzn. 

Senior  Software  Engineer 
sought  in  Boston,  Massa¬ 
chusetts  area  for  development 
of  internet  based  software  for 
financial  and  administrative 
functions  of  healthcare  organi¬ 
zations.  Requirements  are 

Bachelor's  degree  in  engineer¬ 
ing  or  the  equivalent,  and  two 
years  experience  in  VB/ 
VBScript,  Java/JavaScript,  SQL 
Server,  System  Domain  admin¬ 
istration,  HTML/XML,  relational 
databases,  IIS,  networking, 
client/server,  Nt4. 0/2000,  and 
Microsoft  development  tools. 
Send  applications  to  Rec¬ 
ruitment,  Req.  No.  2083,  RO. 
Box  1070,  Burlington,  Vermont 
05402-1070. 

Applications  Programmer 
for  NE  OH  to  analyze  user 
req.,  procedures  &  prob¬ 
lems  to  automate  process¬ 
ing/improve  existing  com¬ 
puter  system;  troubleshoot; 
eval.  existing  IS  for  effec¬ 
tiveness.  Bachelor's  Deg¬ 
ree  in  Information  Systems. 
Resumes  to:  HR,  Custom 
System  Company,  6670  W. 
Snowville  Rd.  Cleveland, 

OH  44141.  EOE.  No  calls. 

DATABASE  DESIGN  ANA¬ 
LYST  sought  by  surgical 

clinic  in  Houston,  TX.  Must 

have  degree  &  exp. 

Respond  by  resume  only  to 

Exec.  Director,  L/H  -  #10, 

Town  &  Country  Plastic 

Surgery,  10565  Katy  Frwy, 

Ste  100,  Houston,  TX 

77024. 

Seeking  qualified  applicants  for 
the  following  positions  in  Orlando, 
FL:  Senior  Proarammer  Analvst. 

Formulate/define  functional  req¬ 
uirements  and  documentation 
based  on  accepted  user  criteria. 
Requirements:  Bachelor's  degree 
or  equivalent*  in  computer  sci¬ 
ence,  MIS,  mathematics,  engi¬ 
neering  or  related  field  plus  5 
years  of  experience  in  systems/ 
applications  development.  Exp¬ 
erience  with  C  and/or  C++,  Java 
and  RDBMS  also  required 
‘Master's  degree  in  appropriate 
field  will  offset  2  years  of  general 
experience.  Submit  resumes  to 
Sibi  George,  FedEx  Corporate 
Services,  1900  Summit  Tower 
Blvd.,  Suite  1400,  Orlando,  FL 
32810.  EOE  M/F/D/V. 

SOFTWARE  ENGINEER  to  pro¬ 
vide  on-site  consultancy  in 
design,  development,  cus¬ 
tomization,  testing  and  mainte¬ 
nance  of  e-commerce  web- 
enabled  applications  software 
using  .Net,  CSharp,  ASP, 
ADO. Net,  ActiveX,  COM/DCOM, 
HTML/DHTML,  XML,  MTS,  IIS, 
PL/SQL,  Rational  Rose,  VB  and 
related  technologies;  provide 
software  support  on  Windows 
2000,  Internet  Information 
Server,  Oracle  and  SQL  Server. 
Require:  Bachelor  (or  equiva¬ 
lent)  in  Management  Information 
Systems/Computer  Science  with 
five  years  experience  in  the  job 
offered  or  any  experience  pro¬ 
viding  skills  in  described  duties. 
40%  travel  required  to  client 
sites  within  the  United  States. 
Salary:  $65,000  per  year,  40- 
hour/week,  9  am  to  5:30  pm,  M- 
F.  Apply  with  resume  to: 
President,  K2  Technologies, 
Inc.,  2107  Franklin  Drive, 
Papillion,  NE  68133. 


Software  Engineer:  Design, 
code,  customize  &  integrate  s/w 
components  into  wireless  prod¬ 
ucts.  Design  &  develop  applica¬ 
tion  level  s/w  for  Bluetooth  pro¬ 
files,  IrDA,  USB  connectivity 
modules  using  C,  C++.  Develop 
applications  that  communicate 
with  non-PC  network  products 
such  as  digital  handsets,  PDAs 
and  commercial  test  equipment. 
Bach's  deg  in  Comp  Sci, 
Physics  or  Elec  Engrg  reqd  +  1 
yr  exp  in  job  offered.  Send 
resume  to  Panasonic  Mobile, 
1 225  Northbrook  Parkway,  Suite 
2-330,  Suwanee,  GA  30024, 
Attn:  Debbie  Greer,  PL. 


Programmer  Analysts  -  Design, 
Develop  and  Maintain 
Enterprise,  Web,  and  Portal 
applications  in  Java  and/or  VB 
Database  Administrators 
Oracle  DBA  activities, 
logical/physical  design  of  data¬ 
base. 

Software  Engineers  -  Prepare 
report  design,  functional,  pro¬ 
gram  specifications  &  deploy 
using  Brio  Enterprise  Server  6.5 
and  ETL  deveiopment.Min  Edu- 
Bachelor’s  Degree  or  equi,  Min 
Exp-2  yrs.  Job  may  involve 
working  at  various  locations 
throughout  the  US.  Please  send 
resumes  to  Attn:  HR, 

Tekessence  Inc  .  1001  Office 
Park  Road,  Suite#107  West  Des 
Moines,  IOWA  50265 


Information  Management  Res¬ 
earch  seeks  applicants  for  the 
position  of  Computer  Systems 
Analyst  in  Englewood,  CO  to 
design  and  perform  quality 
assurance  testing  on  document 
management  software  products 
customized  for  Japanese  and 
other  international  customers. 
Requirements  for  the  position 
include  a  bachelor's  in  computer 
science,  computer  engineering 
or  closeiy  related  field  and  work¬ 
ing  knowledge  in  testing  docu¬ 
ment  management  products  and 
in  Alchemy  and  Microsoft  Frame 
Works.  Respond  by  resume  to 
Peter  Galligan,  Information 
Management  Research,  6025  S. 
Quebec  St.,  #260,  Englewood, 
CO  80111. 


Programmer  Analyst  need¬ 
ed  w/exp  in  web  applica¬ 
tions  using  J2EE,  C++, 
Windows  NT,  Unix,  Oracle 
Suite  products,  customiz¬ 
ing  records,  panels,  pages 
&  menus  using  Peoplesoft 
HRMS,  Peoplecode,  SQR, 
People  Tools,  SQL  & 
Oracle  environment.  Mail 
resumes  to:  Compu-lnfo, 
410  Kingston  Road,  #2A, 
West  Kingston,  Rl  02892. 


Turing  Consultants,  Palantine,  IL 
based  IT  company  has  multiple 
openings  for  exp’d  Computer 
Professionals  w/relevant  educ. 
&  exp.  to  analyze,  devlp,  sprt, 
test,  maintain  IT  projects  w/fol- 
lowing  skills:  VB,  VB  Script,  Perl, 
Erwin,  COBOL.  PL/SQL,  C, 
C++,  VC++,  I  Planet,  ASP.  Web 
techn.:  HTML,  DHTML,  XML, 
UML,  Websphere,  Weblogic,  E- 
business  intelligence,  GU!  tools, 
ORACLE-RDBMS,  ASP,  JAVA 
Technologies,  (JDBC,  J2EE, 
EJB,  Java  Script).  Operating 
systems:  Sun  Solaris,  Unix, 
Linux,  Rational  Rose,  Crystal 
Reports,  PowerBuilder.  Offering 
top  $$+bnfts.  40%  travelling  to 
client  sites  req’d.  Resumes  to: 
1024  N,  Cardinal  Drive, 
Palantine,  IL  60074. 


Computer  Programmer  Analyst 
Full  time  position  to  work  as 
Computer  Programmer  Analyst, 
needs  knowledge  of  Business 
Intelligence  tools  (Brio,  Business 
Objects,  Cognos),  data  ware¬ 
housing  and  data  mining  con¬ 
cepts,  Enterprise  reporting,  ex¬ 
perience  in  Customer  relation¬ 
ship  management,  Siebel,  profi¬ 
ciency  in  programming,  SQR, 
Java,  PL/SQL,  C  ++  and  famil¬ 
iarity  with  one  of  the  relational 
databases  Oracle  or  Sybase, 
automated  testing  tools  like  mer¬ 
cury/rational.  Requires  Bachel¬ 
or’s  degree  in  Engineering  or  CS 
or  CIS  or  equivalent  and  2  years 
of  experience  in  the  job  offered. 
Applicants  send  resume  to 
Pyramid  Consulting  Inc,  8665 
Providence  Drive,  Noblesville, 
IN  46060. 


CGI  Inform.  Sys  &  Management 
Consultants,  Inc.  is  looking  for 
Sr.  IT  Consultant  to  develop  web 
portal  applications  using  Oracle 
9IAS,  data  warehouse  using 
pl/sql,  reports6l  &  discoverer. 
Min.  MS  plus  exp.  of  Oracle 
X/8/9,  9IAS,  PL/SQL,  Java¬ 
Script.  Contact  lisa.halter@ 
cai.com.  No  calls.  EOE 

Innovative  Consulting  is  looking 
for  program  or  system  analysts, 
IT  engineers.  Candidate  must 
have  BS/MS  degree.  Travel  is 
required  for  some  positions. 
Skills  in  C/C++,  VB,  Oracle, 
SQL,  SAP,  WebSphere,  Java 
are  plus.  Good  salary.  Please 
send  resumes  to  info@icscorp 
usa.com.  EOE 


Network  Project  Coordinator:  for 
Healthcare  Mgt.  S/ware  dvlpmt. 
Effect  cross-cultural  communi¬ 
cation  in-house  &  for  out¬ 
sourced  s/ware  projects.  Intense 
client/vendor  (India)  liaison/con- 
suiting  expected.  Analyze  med¬ 
ical/institutional  requirements, 
incl.  business/  staffing/insurance 
inputs;  integrate  process-centrd 
web-enabled  s/ware.  Plan, 
report  &  delegate,  optimize  dsgn 
elements  &  apps  w/in  time/bud¬ 
get.  Req’d:  5  yrs  exp.  s/ware 
mgmt.,  Bach  in  Mgmt  &  Admin 
w /  certifs.  in  Microsoft  Net¬ 
working,  Windows  NT.  Resume 
ONLY:  #NPC,  Velos,  Inc.,  2201 
Walnut  Ave.,  #208,  Fremont,  CA 
94538.  An  EOE  employer. 


Want  a  new 
IT  career? 


Check  out  our  jobs 
in  the  combined 
CareerJournal.com 
database. 


www.itcareers.com 


IT  Careers 
Wants  You! 

Take  the  hassle  out  of 

job  searching  and 

check  us  out  at 

www.itcareers.com. 

Today,  more  than  ever, 
the  right  skills  fuel  the 
new  economy  and  IT 
Careers  wants  you  to  be 

there.  Check  us  out  at: 

www.itcareers.com 
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Systems  Analysts  to  provide  in 
depth  analysis,  design,  devel¬ 
opment  and  testing  services  for 
database  development  projects; 
perform  project  scoping,  project 
planning,  project  time  and  cost 
schedules,  quality  of  deliver¬ 
ables  and  study  and  evaluate 
new  technologies  and  method¬ 
ologies;  provide  business  guid¬ 
ance  for  complex  user  prob¬ 
lems;  guide  teams  by  providing 
methodologies  to  be  followed; 
interact  with  clients  on  project 
related  issues.  Require  Masters 
degree  or  foreign  equivalent  in 
Computer  Science  or  Business 
Administration.  High  salary,  f/t 
position.  Travel  involved.  Res¬ 
umes  to  HR,  Smartsoft  Interna¬ 
tional,  Inc.,  4898,  South  Old 
Peachtree  Rd,  Norcross,  GA 
30071. 


Windows  System  Cons¬ 
ultant  wanted  by  reseller  of 
accounting/fin.  bus.  appl. 
S/W.  Requires  B.S.  or 
equiv.  in  Comp.  Sci.  plus  2 
years  exp.  including 
Windows  NT.  Reply  to  H.R., 
Fantasia  Technology  Part¬ 
ners,  LLC,  25  Lincoln  St., 
Framingham,  MA  01702. 


Systems  Architect  for  IT  systems 
and  customized  applications 
provider  in  Roswell,  GA. 
Minimum  four  years  experience 
designing  systems  architecture 
and  databases  using  JCL,  ASP 
and  SQL,  including  conducting 
business  and  systems  integra¬ 
tion  analysis,  designing  applica¬ 
tions  in  client/server,  n-tier, 
intranet,  extranet  and  web  envi¬ 
ronments,  integrating  main¬ 
frame,  legacy  and  windows  sys¬ 
tems  and  providing  testing  and 
training  support.  Send  resume 
to  Netwise,  Inc.,  Attn:  Human 
Resources,  130  Winterberry 
Court,  Roswell,  GA  30076. 


Jr.  Software  Programmer. 
Assist  in  writing  &  testing 
comp,  programs  using  C, 
C++,  Javascript,  Visual  Basic 
(incl.  VBScript  &  VBA),  trans- 
act-SQL,  SQL  server  2000 
DBA,  Perl,  ASP,  HTML,  Java¬ 
Script,  XML  &  Crystal  Reports 
in  NT/Windows  2000  in  a 
multi-tiered  envir.  Req:  BS  in 
Info.  Tech,  or  Comp.  Sci. 
40hrs/wk.  Job/Interview  Site: 
Woodland  Hills, CA.  Send 
resume  to  Finity  USA,  Inc. 
@22123  Martinez  Street, 
Woodland  Hills,  CA  91364. 


Sr.  Test  Engineer  needed  in 
Fayetteville,  GA  to  plan  support 
software  verification  &  UNIX  & 
mainframe  testing  of  complex 
revenue  accounting  project. 
Support  test  cases,  test  scenar¬ 
ios  &  reqs  verification  &  trace- 
ability  matrices.  Establish  test 
beds,  test  scripts,  &  test  docu¬ 
mentation,  to  include  test  strate¬ 
gies,  application  cross-refer¬ 
ences,  test  case  design,  test 
case  execution,  test  reporting  & 
test  evaluation.  Tools:  UNIX, 
MVS,  DOS,  Windows  NT,  JCL, 
4GL,  TSL,  ISPF,  TSO,  JES2, 
SDSF,  RACF,  ACF2.  REQS:  3 
yrs  exp.  in  job  offered.  Please 
forward  resume  to  D.  Gelinas, 
Genisys  Engineering  Corp.,  100 
Havenbrook  Ct,  Fayetteville,  GA 
30214.  No  calls  of  faxes  please. 
EOE. 


Software  Consultants  needed  at 
client  sites  to  dvlp  applic  using 
MVC  (Model  2)  architecture 
dsgn  &  dvlp  authentication 
systm  in  Weblogic.  Tools  used 
J2EE-Java.  Servlet.  JSP,  JSTL, 
EJB,  JMS,  RMI,  JSF,  JESS 
engine,  Velocity,  STRUTS, 
Taglibs,  ANT,  JBuilder,  Web- 
Logic,  WebSphere.  Iplanet,  IBM 
MQ  Series,  C/C++,  Oracle. 
Lotus  Notes,  Domino  Server, 
Telnet  API,  MochaSoft,  Unix, 
ASP,  IIS,  VB.  Apply  to:  Global 
Consultants,  Attn:  Hireme,  25 
Airport  Rd.  Morristown,  NJ 
07960. 


Matrix  Management  Systems. 
Inc.  is  looking  for: 

Programmer  Analyst:  Should 
have  a  bachelors  degree  in 
computer  science/related  field 
with  3+  years  of  experience  in 
the  following:  Net  Architect, 
VB.NET,  ASP.NET,  C#  Architect. 
VB6.0,  ASP,  XML,  XSL,  SQL 
SERVER  7.0/2000,  Oracle.  Cold 
Fusion,  Clear  Quest,  VC++, 
DB2,  CICS,  COBOL,  Rational 
Rose,  WinRunner  and  Load- 
Runner.  We  accept  foreign  edu¬ 
cation  equivalent  of  the  degree, 
or  the  degree  equivalent  in  edu¬ 
cation  and  experience.  Send 
Resume  to  Attn:  HR,  932D. 
Atlantic  Ave,  Hoffman  Estates, 
IL  60194. 


Synergy  has  multiple  openings 
for  IT  professionals.  Qualified 
applicants  must  have  BS  with 
substantial  experience.  Strong 
background  in  SAP,  SQL,  ERP, 
VB,  TCP/IP  Suite,  Oracle  is  plus. 
Send  resumes  to  hr@synergy- 
com.com.  Travel  is  required  for 
some  positions.  Sponsor  GC. 
EOE. 

CMS  (Customer  Management 
Systems)  has  openings  for  expe¬ 
rienced  IT  professionals  to  pro¬ 
vide  full  life  cycle  IT  &  business 
solutions  to  clients.  Quali¬ 
fications  include  BS  with  experi¬ 
ence  using  SQL,  EJB,  JSP,  UML, 
OOP/OOD,  Lotus,  Java,  VB,  etc. 
Apply  at: 

cms@earthdome.com.  EOE. 

No  Calls. 


Delasoft,  Inc.,  IL  based  IT  com¬ 
pany  seeking  Computer 
Professionals  (multiple  open¬ 
ings),  w/relevant  edu.  &  exp.  to 
analyze,  devl.,  design,  test,  sprt, 
maintain  IT  Projects,  w/following 
skills:  Java  technologies,  Web 
Tech  (Web  Sphere,  Web  Logic, 
XML.  HTML,  DHTML,  UML); 
Unix,  Linux,  Solaris,  Sybase, 
Oracle  databases;  Testing/QA 
tools:  WinRunner,  LoadRunner. 
TestDirector,  Silk  GUI  &  Rational 
Rose  Tools,  SQL  server.  C,  C++, 
CICS,  COBOL,  SQL/PLSQL 
Languages;  ABAP,  SAP,  BAAN, 
Siebel,  TCP/IP,  ERWIN  &  Win. 
envrmnts.  Offering  top  $$+bnfts. 
40%  traveling  to  client  sites  in 
US.  Resumes:  2200  S.  Main 
Street,  Suite  111,  Lombard,  IL 
60148. 


Computer  Professionals  (pro¬ 
grammer,  system  analyst,  soft¬ 
ware  or  project  engineers)  want¬ 
ed  E-Con.  Candidates  must  have 
minimum  BS  or  equivalent 
degree  with  IT  experince.  Use 
Weblogic  6.0  Application  server, 
Java  Servlets,  XML  Please  send 
resumes  to:  hrd@goecon.net. 
EOE.  No  calls. 

Global  Consulting  is  looking  for 
programmer/system  analysts, 
software  engineers.  Candidate 
must  have  BS  with  IT  experience. 
Good  skills  in  C/C++,  Java, 
Oracle,  EJB,  J2BB,  WebLogic, 
VB,  HTML  are  plus.  Traveling  is 
required  for  some  positions. 
Apply  job@g-c-g.net  EOE.  No 
calls. 


Data  Consulting  Group  is  looking 
for  software  engineers/program¬ 
mers  to  develop  security  infor¬ 
mation  service  system  using  VB, 
Oracle  based  on  client/server 
Minimu  BS  with  experience  using 
Oracle,  VB,  Crystal  Reports 
Please  send  resumes  to: 
recruiter@dcgroupinc.com 
EOE.  No  calls. 

Senior  IT  consultants  (s/w  engi¬ 
neer  or  system  analyst)  wanted 
by  MD  Soft.  Inc.  Duties  include 
implementation  of  Siebel  appli¬ 
cations,  programming.  Must 
have  BS  plus  experience  using 
Siebel,  Oracle,  Powerbuilder. 
Sponsor  HI /Green  Card.  Please 
apply  at  mdsoftinc@yahoo.com. 
EOE 


Computer  Software  Engin¬ 
eer,  Las  Vegas,  NV.  Dvlp/ 
create/modify  computer 
aplctns  software/spclzd  ut¬ 
ility  prgrms.  Analyze  user 
needs/dvlp  software  solu¬ 
tions.  Design/customize 
software  for  client  use. 
Work  individually  or  crdntg 
database  dvlpmt  as  part  of 
team.  2  yrs  exp.  Send  res: 
Choopa.com,  1  Bethany 
Road,  Bldg  2,  Suite  24, 
Hazlet,  NJ  07730,  D. 
Aninowsky. 


E  Computer  Technologies,  Inc., 
is  a  computer  and  technology 
solutions  provider  of  business- 
to-business  and  E-commerce 
application  implementation  and 
integration  services  specializing 
in  E-purchasing  systems.  Our 
company  currently  has  openings 
for  the  following: 

Programmer  Analysts:  Design 
and  develop  financial  based 
applications  using  client  server 
technology,  n-tire  technologies 
with  Oracle  8i,  Oracle  ERP,  SY¬ 
BASE  databases  using  J2EE, 
WEBLOGIC  7,  Netscape  and 
Enterprise  Server,  IBM  MQ  Ser¬ 
ies,  Extensible  Style  Sheet  Lan¬ 
guage  Transformations,  Unified 
Modeling  Language  for  design, 
and  object-oriented  analysis  and 
design.  Design  product  features 
to  meet  requirements  and  per¬ 
form  quality  tests  for  new  and 
existing  features.  Use  knowl¬ 
edge  of  market  and  accounting 
principles  to  develop  software. 
Need  Bachelor's  degree  in  Com¬ 
puter  Science  or  Engineering. 
Need  2  yrs  of  exp. 

Send  Resume  to:  E  Computer 
Technologies,  Inc.,  777  S. 
Central  Expressway,  Ste  #4-F, 
Richardson,  TX  or  via  e-mail  at: 
jobs@ecomputertech.com. 


Computer  Professionals,  exp'd 
(multiple  openings)  sought  w/rel¬ 
evant  Bachelors  or  Masters 
depending  on  position  &  exp  in 
QA,  VB  Script,  Perl,  Erwin,  C, 
C++,  VC++,  I  Planet.  ASP, 
HTML.  DHTML.  Java  Script, 
Sybase,  Oracle,  SQL  Server, 
SQL,  T-SQL,  MS  Access, 
Business  Objects,  Crystal 
Reports,  DB2,  Windows  NT, 
CEML,  Linux,  IIS,  Unix,  PL/SQL, 
Cognos,  Brio,  ODBC 
Connectivity,  Netscape  Enter¬ 
prise  Server.  Application  Server 
of  Cold  Fusion,  Data  Modelling, 
Informatica,  ETL  application,  e- 
business  intelligence,  Data¬ 
warehousing,  SAS,  ERP,  CRM, 
RDBMS  -  Oracle;  GUI  Tools, 
ASP.  J2EE,  JSP,  JDBC  Java 
Script,  EJB,  Web  Sphere, 
WebLogic,  ASR/TTS.  CTI.  40% 
travel  to  client  sites  req'd. 
Resumes  to:  JCG  Technologies, 
Inc.,  477  Congress  St,  5th  FI, 
Portland,  ME  04101. 


Systems  Analyst  -  Analyze  user 
reqmts,  procedures  &  problems 
to  automate  processing  &  to 
improve  existing  computer  sys¬ 
tem.  Confer  w/personnel  invol¬ 
ved  to  analyze  current  opera¬ 
tional  procedures,  ID  problems 
&  learn  specific  input  &  output 
reqmts  such  as  forms  of  data 
input,  how  data  is  to  be  summa¬ 
rized  &  formats  for  reports. 
Upgrade  system  &  correct  errors 
to  maintain  system  after 
implmtn.  Prep  time  &  cost  esti¬ 
mates  for  completing  projects. 
BS  in  Electronics  or  Comp  Engg 
&  2  yrs  exp  reqd.  40hr/wk,  9a- 
5p,  $17. 63/hr.  Send  resumes  to 
Rene  Gaviola,  OLRA  Educa¬ 
tional  Foundation,  10101  Harwin 
Dr,  #125,  Houston,  TX  77036. 


R  Systems,  Inc.  is  a  global  infor¬ 
mation  technology  services 
company  and  it  has  multiple  Job 
openings  for  the  following  posi¬ 
tions  at  its  corporate  office  in 
Sacramento  as  well  as  Project 
sites  throughout  the 
United  States: 

•  Applications  Programmer 

•  Database  Anaiyst 

•  Software  Engineers 

•  Systems  Analyst 

•  Network  Analyst 

•  IT  Project  Managers 

•  Business  Analyst 

•  Sales  Engineer 

•  Programmer  Analyst 

•  Sales  Manager 

•  Database  Administrators 

•  Market  Research  Analyst 

Minimum  requirement:  Bach¬ 
elor's  degree  or  equivalent  and 
one  year  experience  in  the  job 
offered.  All  positions  may  involve 
relocation  to  project  sites. 

Submit  detailed  resume  and 
position  applied  for  to: 

Attn:  Venkatesh  Sundararajan 
5000  Windplay  Drive  Suite  5 
El  Dorado  Hills,  CA  95762 


Computers 

PROCESS  ENGINEER 

R.R.  Donnelley  &  Sons  Co. 
(Nashville,  TN),  is  seeking  to 
hire  a  Process  Engineer  II  to 
design,  develop  &  document  in¬ 
tegration  software  used  to  auto¬ 
mate  &  facilitate  direct  interac¬ 
tion  between  existing  legacy 
systems  &  the  general  ledger. 
Assess  the  current  systems/pro¬ 
cesses,  recommend  &  imple¬ 
ment  design  solutions  to  bridge 
&  transform  data  to  enable  auto¬ 
mation  to  the  ledger.  Develop  & 
execute  extensive  testing  plans 
&  develop  plans  to  migrate  pro¬ 
duction  ready  applications  to 
corporate  production  servers 
using  version  control  software. 
Maintain,  tune,  execute  network 
admin,  on  the  development  ser¬ 
ver.  Must  have  Bach,  degree  in 
CIS  &  3  yrs  exp.  Must  have  com¬ 
pleted  projects  involving  Visual 
Studio.net,  Microsoft  SQL  Ser¬ 
ver,  JAVA  Script,  Visual  Basic 
Scripts,  Access,  ASP.net,  XML, 
HTML,  and  ETL  modeling,  net¬ 
work  administration  &  version 
control  software.  Please  email 
resume  to.  corporateprocessen- 
gineer@rrd.com  EOE 


Software  Engineers  to  analyze, 
design,  develop  financial  appls 
using  OOD.C++,  VC++,  MFC, 
Visual  Source  Safe,  SQL  Server, 
Rational  Rose,  CrystalReports, 
ADO  under  Windows/UNIX  OS; 
perform  system/functional  req 
analysis;document  detailed  pro¬ 
ject  specs  and  review  conceptu¬ 
al  model  with  users;provide 
training/user  support  for  related 
appl  software;  performdebug- 
ging/modifications  of  existing 
software.  Require:  M.S.  or  for- 
eignequiv.  in  CS/Engg.(any 
branch)  with  1  yr  exp  in  IT.  High 
Salary.  Comp.salary.  f/t  position, 
travel  involved.  Resume  to:  HR, 
Autosig  Systems,  Inc.,  201, Price 
Hills  Trail,  Sugar  Hill,  GA  30518. 


IT  Education  &  Training  Directory 
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' 


Contact  the  companies  listed  below 
to  help  you  with  your  training  needs! 


C&JSlt  ■ 


To  place  your  ad  please  call  800-762-2977 

! 


IPexpert,  Inc. 

(866)  225-8064 

www.ipexpert.com 

CCIE  (R&S,  SEC,  and  C&S),  CCSP, 

CCNP,  CCNA,  IP  Telephony 


CBT  Nuggets 

(888)  507-6283  &  (541)  284-5522 
www.cbtnuggets.com 
Affordable  training  videos  on  CD 
MCSE,  MCDBA,  MCSD,  CCNA, 
Citrix,  Linux,  A+,  Net  + 
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Engineer 

Pitney  Bowes  Inc.  has  an  open¬ 
ing  in  its  Shelton.  Connecticut 
office  for  an  Engineer. 

Develop  new  concepts  and  pro¬ 
totypes  in  the  areas  of  intelligent 
networked  devices  and  informa¬ 
tion  appliances  for  mail  and 
messaging  and  develop  novel 
embedded  system  solutions. 

Must  possess  at  least  a  bache¬ 
lor's  degree  or  its  equivalent  in 
Electrical  Engineering,  Comp¬ 
uter  Science  or  a  related  field 
and  relevant  work  experience, 
including  college  coursework/ 
project  and/or  work  experience 
with  USB  software  driver  devel¬ 
opment  and  hardware  interfac¬ 
ing;  embedded  software  devel¬ 
opment  experience  at  the  API 
level  of  various  handheld  and 
wireless  devices  such  as  the 
iPAQ,  Dolphin  and  Symbol  scan¬ 
ners;  embedded  Java  program¬ 
ming  experience  to  author 
device  independent  software 
interfaces  for  use  in  enterprise 
level  integrated  systems;trou- 
bleshooting  wireless  connectivi¬ 
ty  issues  at  the  hardware  and 
API  level  (including  vendor  inter¬ 
facing  and  verification  and  vali¬ 
dation  of  system  built  to  specifi¬ 
cation);  and  hardware  level 
debugging  of  wireless  and  wired 
components. 

Resume  and/or  cover  letter 
must  reflect  each  requirement 
above  and  specify  reference 
code  E/MZ  or  it  will  be  rejected. 

Forward  resume  to  Robbin  Drew 
Elliott,  Pitney  Bowes  Inc.,  One 
Elmcroft  Road,  Stamford,  CT 
06926-0700. 


Intelligent  Digits,  a  fast  growing 
software  Development  Com¬ 
pany  is  looking  for 

Market  Research  Analyst: 

Market  research,  MIS,  gathers 
information,  forecast  future  mar¬ 
keting  trends,  and  strategy,  con¬ 
duct  and  manage  promotional 
campaign,  prepare  reports  and 
data  collection,  Respond  RFP. 
Master  degree  with  one  year 
experience  in  all  the  above. 

Programmer  Analyst: 

With  bachelor  degree  and  2yrs 
experience,  skills  required  for 
design,  development  &  adminis¬ 
tration  using  DB2UDB,  Oracle, 
Sybase,  J2EE,  XML,  C++,  Web 
servers,  Shell  scripting  and 
WAP  Technologies. 

We  accept  foreign  education 
equivalent  of  the  degree,  or 
the  degree  equivalent  in  edu¬ 
cation  and  experience. 

Send  Resume  to  HR,  Intelligent 
digits,  Inc.,  701  Fourth  Avenue 
South,  #  500,  Minneapolis,  MN 
55415  careers@intellegentdig 
its.com 


Systems  Analyst.  Job  location: 
Atlanta,  GA.  Duties:  Provide 
Java  develop,  on  inbound  sys¬ 
tems.  Design  &  develop  Java 
modules  across  appl.  cycles. 
Maintain  develop,  speed  & 
progress  of  systems  per  project 
specs.  Resp.  for  maint.  on  exist¬ 
ing  Java  projects.  Develop, 
encode,  test,  debug  docs  & 
install  programs  for  large  scale 
or  high  volume  transactions 
using  Websphere  Studio 
Application  Developer,  EJB, 
JSPS,  Servlets  &  Struts. 
Requires:  B.S.  in  Comp.  Sci., 
Eng.  or  a  related  field  (will 
accept  any  comb,  of  educ.  & 
exp.  equiv.  to  a  B.S.  degree)  &  2 
yrs.  exp.  in  the  job  offered  or  2 
yrs.  exp.  as  a  Consultant, 
Prog/Analyst  or  Prog.  Con¬ 
current  exp.  must  incl.  2  yrs.  exp 
developing  encoding,  testing  & 
debugging  docs  for  large  scale 
or  high  volume  transactions  &  2 
yrs.  exp.  using  Java.  Mail 
resume  (no  calls)  to:  Donna 
Brown,  CTG,  Inc.,  1335 
Gateway  Dr.,  Suite  2013, 
Melbourne,  FL  32901-2636. 


A  position  is  available  for  a 
Senior  Systems  Engineer  in 
Durham,  North  Carolina  with  a 
software  development  company. 
The  Senior  Systems  Engineer 
will  provide  technical  services  to 
HSD  clients,  including  installing, 
upgrading,  and  migrating  prod¬ 
ucts,  troubleshooting  applica¬ 
tions,  hardware,  and  network 
issues,  and  advising  on 
RDBMS,  NOS,  and  hardware. 
Candidates  should  possess  an 
Associate's  degree  in  Engineer¬ 
ing  Technology  or  a  related  field 
and  at  least  two  years'  experi¬ 
ence  in  computer  systems  engi¬ 
neering,  including  at  least  one 
year's  experience  in  Oracle,  Cit- 
rix,  Crystal  Reports  and  UNIX. 
Apply  by  mail  to: 

Shelley  Ayers 
Per-Se  Technologies 
300  West  Morgan  Street 
Suite  175 

Durham,  North  Carolina  27701 


SYSTEMS  ANALYST  to  ana¬ 
lyze,  design,  develop,  imple¬ 
ment,  test  and  integrate  appli¬ 
cation  software  systems  and 
PLM  domain  using  MS  SQL 
Server,  Visual  Basic,  ASP,  Java 
Script,  VB  Script  and  DHTML  on 
Windows  platform.  Require: 
B.S.  degree  in  Com-puter 
Science/Engineering,  or  a 
closely  related  field  with  2  yrs  of 
exp  in  the  job  offered  or  as  a 
Programmer/Analyst.  Extensive 
travel  on  assignments  to  vari¬ 
ous  client  sites  within  the  U.S.  is 
required.  Competitive  salary 
offered.  Apply  by  resume  to: 
Vijay  Vasandani,  Axiom  Sys¬ 
tems,  Inc.,  11575  Great  Oaks 
Way,  Ste  130,  Alpharetta,  GA 
30022;  Attn:  Job  LB. 
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SCO  Suits 

based  Clarity  Payment  Solu¬ 
tions  Inc.  “Most  of  us  here 
consider  it  a  waste  of  every¬ 
body’s  time.” 

Kuchlein  said  he  runs  Linux 
servers  almost  exclusively. 
“I’m  about  to  double  our  in¬ 
stalled  base  as  well”  for  Clari¬ 
ty’s  main  production  system, 
he  said.  “I’m  buying  a  truck- 
load  more  servers,  and  they’re 
all  going  to  be  Linux  as  well. 
The  SCO  thing  hasn't  even 
come  up  as  a  discussion.” 

Corey  Corrick,  director  of 
operations  at  Web  services 
provider  Flamenco  Networks 
in  Alpharetta,  Ga.,  said  he  will 
continue  to  use  Red  Hat  Inc.’s 
Advanced  Server  3.0  Linux  for 
the  company’s  managed  data¬ 
base  and  application  servers 
despite  the  lawsuits  last  week. 
“We’re  waiting  for  things  to 
shake  out  in  court,”  Corrick 
said.  “[SCO]  keep[s]  suing,  but 


they  haven’t  shown  anything.” 

“If  people  would  prefer  to 
work  through  the  court  system, 
then  we’ll  File  a  complaint  and 
we’ll  work  through  the  court 
system,”  said  Dari  McBride, 
SCO’s  president  and  CEO.  “De¬ 
pending  on  which  way  cus¬ 
tomers  want  to  go,  we’ll  ac¬ 
commodate  their  desires.” 

McBride,  speaking  during  a 
conference  call  about  SCO’s 
financial  results,  didn’t  re¬ 
spond  directly  when  asked  if 
the  company  would  refund 
any  licensing  fees  if  it  loses 
the  cases  against  Daimler- 
Chrysler  and  AutoZone  as 
well  as  an  ongoing  copyright 
infringement  suit  against  IBM. 

SCO  sued  DaimlerChrysler 
in  a  Michigan  state  court, 
charging  that  the  automaker 
violated  its  software  licensing 
agreement  with  SCO  by  refus¬ 
ing  to  provide  a  requested 
“certification  of  compliance” 
as  part  of  a  software  audit. 

The  suit  against  Memphis- 
based  AutoZone,  filed  in  fed¬ 


eral  court  in  Nevada,  claims 
that  the  retailer  is  illegally 
running  versions  of  Linux  that 
contain  Unix  code  copyright¬ 
ed  by  SCO.  Both  suits  seek  un¬ 
specified  damages. 

A  DaimlerChrysler  spokes¬ 
woman  declined  to  comment 
about  the  suit,  saying  that  the 
automaker  hadn’t  received  a 
copy  of  the  document.  Infor¬ 
mation  on  IBM’s  Web  site  in¬ 
dicates  that  DaimlerChrysler 
has  used  Linux  for  the  past 
two  years  on  a  108-node  IBM 
server  cluster  for  vehicle 
crash  analysis  and  simulation. 

Ray  Pohlman,  a  spokesman 
for  AutoZone,  said  his  compa¬ 
ny  also  had  not  yet  seen  the 
lawsuit  and  couldn’t  comment 
about  SCO’s  copyright  claims. 
“It  is  our  understanding,  how¬ 
ever,  that  SCO  has  sent  letters 
to  hundreds  of  companies, 
making  similar  allegations,”  he 
said.  Pohlman  wouldn’t  dis¬ 
cuss  AutoZone’s  use  of  Linux. 

Red  Hat  Inc.  confirmed  that 
AutoZone  had  used  Red  Hat 


Linux  to  run  its  in-store  in¬ 
tranet  until  “several  months 
ago.”  AutoZone  has  also  been 
a  SCO  customer,  using  SCO 
Unix  to  run  applications  such 
as  its  point-of-sale  systems. 

McBride  said  Daimler¬ 
Chrysler  and  AutoZone  were 
targeted  because  they  failed  to 
respond  to  SCO’s  warnings 
that  violations  of  its  intellectu¬ 
al  property  would  no  longer  be 
tolerated.  In  the  case  of  Daim¬ 
lerChrysler,  McBride  said  it 
was  “one  of  thousands  of  com¬ 
panies”  that  received  written 
notices  from  SCO  late  last  year 
detailing  their  obligations  un¬ 
der  the  vendor’s  Unix  System 
V  source  code  license  deals. 

“Some  companies  respond¬ 
ed  appropriately  and  certified 
their  compliance  with  the 
terms  of  the  agreements,” 
McBride  said.  “Some  compa¬ 
nies,  including  DaimlerChrys¬ 
ler,  have  failed  to  respond  ap¬ 
propriately.” 

Dion  Cornett,  a  financial  an¬ 
alyst  at  Decatur  Jones  Equity 


Partners  LLC  in  Chicago,  said 
the  charges  against  Daimler¬ 
Chrysler  and  AutoZone  will 
be  difficult  for  SCO  to  prove. 

For  example,  SCO  officials 
discussed  AutoZone’s  alleged 
use  of  some  specific  Unix  file 
types  or  shared-source  li¬ 
braries  during  their  confer¬ 
ence  call,  Cornett  said.  But 
AutoZone  says  it  doesn’t  use 
those  files,  according  to  Cor¬ 
nett.  “Without  knowing  what 
building  blocks  AutoZone  is 
using,  the  claim  looks  some¬ 
thing  like  a  fishing  expedi¬ 
tion,”  he  said. 

“I  don’t  think  they’re  going 
to  get  anywhere,”  said  Bill 
Claybrook,  an  analyst  at  Har¬ 
vard  Research  Group  in  Har¬ 
vard,  Mass.  “They  have  actual¬ 
ly  struck  with  some  good- 
sized  customers  here.  But  I 
don’t  think  anybody’s  going  to 
rush  out  and  buy  a  license  for 
[SCO’s  Unix  technology].  It’s 
basically  another  attempt  to 
wrangle  money  out  of  people.” 
©  45249 
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BizTalk  Server 

and  customer  theft,  according 
to  Paul  Duchouquette,  direc¬ 
tor  of  IT  at  the  Los  Angeles- 
based  retail  music  chain. 

The  IT  department  worked 
with  Xavor  Corp.,  a  Microsoft- 
certified  partner  in  Irvine, 
Calif.,  to  set  up  an  interface  in 
Microsoft’s  SharePoint  Ser¬ 
vices  so  that  Virgin  loss-pre¬ 
vention  specialists  can  set  con¬ 
ditions  under  which  they  want 
to  be  alerted,  such  as  when  a 
high  number  of  refunds  are  be¬ 
ing  issued  by  a  certain  cashier. 
That  threshold  information  is 
stored  in  XML  in  SQL  Server, 
and  BizTalk’s  rules  engine  ac¬ 
cesses  the  XML  file,  said  Am- 
mara  Masood,  a  senior  vice 
president  at  Xavor. 

Every  10  minutes,  BizTalk 
polls  the  transactions  logged 
in  each  store’s  point-of-sale 
systems,  and  the  transaction 
data  is  passed  to  the  process 


orchestration  engine,  she  said. 
Business  rules  are  triggered, 
and  when  suspicious  activity 
is  detected,  employees  are 
alerted  through  the  SMTP 
server,  Masood  noted. 

“They  can  literally  go  to  that 
register  and  ask  the  cashier 
some  questions,”  Duchou¬ 
quette  said,  adding  that  there 
has  been  a  change  in  culture  as 
a  result.  “The  real-time  report¬ 
ing  actually  creates  a  psycho¬ 
logical  impact  to  employees 
considering  theft.” 

Before  the  system  went  live 
in  January,  Virgin  did  loss  pre¬ 
vention  through  observation 
and  analysis  of  transaction 
logs  sent  to  a  third  party.  But 
the  85  third-party  reports  took 
15  days  to  arrive  and  were  cum¬ 
bersome  to  analyze.  Now,  Biz¬ 
Talk’s  business  activity  moni¬ 
toring  pushes  transaction  data 
to  SQL  Server  Analysis  Services, 
and  there  are  only  four  consol¬ 
idated  reports,  Masood  said. 

Virgin  is  also  using  some 
of  BizTalk’s  more  traditional 


functionality.  The  software 
maps  the  universal  product 
code  from  the  transaction  logs 
with  the  artist,  title,  SKU  and 
other  data  stored  in  its  JDA 
Software  Group  Inc.  merchan¬ 
dising  system,  which  uses  an 
IBM  DB2  database  running  on 
an  AS/400,  Masood  said. 

Peggi  Douglass,  director  of 
IT  services  at  Retirement  Sys¬ 
tems  of  Alabama  in  Mont¬ 
gomery,  was  looking  at  Java- 
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■  Business  process  management 

■  Ability  to  represent  human 
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■  Integration  with  Visual  Studio 
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based  business-rules  products 
when  she  learned  that  BizTalk 
Server  2004  would  include 
that  functionality.  BizTalk 
made  more  sense  because  it 
was  less  expensive  and  RSA  is 
a  Microsoft  shop,  she  said. 

RSA  provides  retirement 
and  health  insurance  benefits 
to  about  290,000  employees, 
and  the  IT  department  wanted 
a  rules  engine  to  physically 
separate  the  business  rules 
from  the  application  code  so 
that  its  systems  are  easier  to 
maintain  and  modify.  Before, 
the  rules  were  buried  in  the 
code  of  the  individual  applica¬ 
tions,  Douglass  said.  Under  the 
new  system,  a  rules  change 
can  be  made  in  one  place. 

Developers  use  BizTalk  Serv¬ 
er’s  Business  Rules  Composer 
to  build  the  rules  and  policies, 
such  as  a  name  change  requir¬ 
ing  proof  documentation.  RSA 
hopes  to  eventually  allow  its 
business  users  to  make  modifi¬ 
cations  to  rules  by  themselves, 
but  so  far,  the  company  has 


found  that  the  product  isn’t  as 
easy  for  non-IT  staffers  to  use 
as  it  would  like.  Douglass  said 
RSA  may  look  to  third-party 
products  with  better  graphical 
components. 

RSA  has  also  been  dabbling 
with  the  workflow  capabilities 
in  BizTalk  Server  for  validat¬ 
ing  addresses  for  those  who 
receive  retirement  benefits  on 
a  periodic  basis. 

Jess  Thompson,  an  analyst 
at  Gartner  Inc.,  said  the  busi¬ 
ness  process  management 
functionality  was  poor  in  Biz¬ 
Talk  Server  2002  because  it 
supported  the  automation  of 
processes  that  involved  only 
applications  or  Web  services. 
The  new  version  adds  support 
for  business  processes  involv¬ 
ing  human-based  interaction, 
he  said.  ©  45241 


SIEBEL  ADD-ONS 

Siebel  will  offer  industry-specific  integration 
products  built  around  BizTalk  Server  2004: 
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FRANK  HAYES  ■  FRANKLY  SPEAKING 


Legal  Clarity 


WHEN  IS  A  LAWSUIT  A  GOOD  THING?  When  it 

will  actually  clear  up  a  problem.  Which  is  why, 
strange  as  it  seems,  I’m  actually  glad  VeriSign  just 
sued  the  Internet  Corporation  for  Assigned 
Names  and  Numbers  [QuickLink  45059]. 

The  problem  is  that  VeriSign  contends  that  ICANN  doesn’t  have 
the  authority  to  regulate  new  domain-name-related  businesses  such 
as  VeriSign’s  late,  unlamented  Site  Finder  service.  ICANN  believes 
it  does  have  that  authority. 

And  until  a  court  decides  who’s  right,  we’ve  got  a  mess. 


What  sort  of  mess?  Think  back  to  last  fall, 
when  VeriSign  rolled  out  Site  Finder  by  chang¬ 
ing  the  way  its  .com  root  servers  worked.  Those 
servers  contain  the  central  database  of  which 
.com  domains  belong  to  which  IP  addresses. 

So  when  VeriSign  gimmicked  its  servers,  a 
user  who  mistyped  a  domain  name  didn’t  get  an 
error  message,  he  was  rerouted  to  an  advertis¬ 
ing-driven  VeriSign  Web  site.  Meanwhile,  appli¬ 
cations  broke  if  they  depended  on  the  now¬ 
missing  error  messages.  And  e-mail  got  mis- 
routed.  And  some  Internet  service  providers  re¬ 
sponded  by  gimmicking  their  own  DNS  servers 
to  work  around  VeriSign’s  gimmickry.  Eventual¬ 
ly,  ICANN  threatened  a  lawsuit  of  its  own. 
VeriSign  backed  off.  Stability  returned. 

Hey,  compared  with  more  episodes  of  Gim¬ 
mick  Wars  and  potential  destabilization  of  the 
Internet,  VeriSign’s  lawsuit  sounds  pretty  good. 

When  I  talked  to  VeriSign  CEO  Stratton 
Sclavos  in  the  wake  of  the  Site  Finder  fiasco,  he 
told  me  what  VeriSign  really  wanted  was  some 
clarity  when  it  came  to  launching  new  domain- 
name-based  services.  He’d  tried  to  respect 
ICANN’s  quasi-regulatory  role,  he  said.  But 
some  of  VeriSign’s  proposals  had  been  stalled 
in  ICANN’s  fuzzy,  ill-defined,  con¬ 
sensus-driven  process  for  years. 

There  was  no  way  to  tell  how  long 
approval  might  take,  or  if  a  proposal 
would  ever  be  approved. 

Apparently,  Sclavos  never  did  get 
the  clarity  he  wanted.  Now  VeriSign 
is  headed  for  court  with  ICANN. 

Charges  will  fly.  Rhetoric  will  heat 
up.  Lawyers  will  get  rich. 

And,  yes,  we’ll  finally  get  some 
clarity.  Because  at  the  center  of 
VeriSign’s  suit  is  that  question:  Can 
ICANN  regulate  domain-related 
business  ideas  or  not? 


If  the  court  decides  ICANN  is  right,  that  will 
provide  clarity.  It  will  mean  ICANN  has  to  ap¬ 
prove  any  new  business  ideas  that  will  affect 
how  domain  names  are  handled. 

But  it  will  also  mean  big  new  responsibilities 
for  ICANN.  No  more  claiming  that  it’s  just  a 
technical  standards  body.  No  more  slow,  fuzzy 
approval  processes.  No  more  wishy-washy 
decision-making.  ICANN  will  have  to  become 
a  full-fledged  regulator,  with  processes  and 
practices  that  are  open,  transparent  and  well 
defined.  In  short,  if  ICANN  wins,  ICANN  will 
never  be  the  same. 

And  if  the  court  decides  VeriSign  is  right? 
That  provides  clarity,  too.  ICANN  won’t  get 
to  regulate  Site  Finder,  or  foreign-language 
domain  names  that  use  non-ASCII  characters, 
or  the  Wait  Listing  Service  that  would  let 
VeriSign  customers  back-order  .com  domain 
names  whose  registrations  are  soon  to  expire. 
ICANN’s  role  will  just  be  to  set  technical 
standards. 

But  that  will  leave  a  regulatory  gap.  Think  it’ll 
last  long?  Don’t  count  on  it.  Lawmakers  regular¬ 
ly  try  to  stick  their  fingers  in  the  domain-name 
pie.  The  International  Telecommunication 
Union  has  proposed  replacing 
ICANN  with  a  World  Trade  Orga¬ 
nization-style  group.  And  the  Com¬ 
merce  Department,  which  created 
ICANN,  can  create  a  new  agency 
—  or  decide  to  leave  domain-name 
businesses  unregulated. 

In  other  words,  if  VeriSign  wins, 
domain  regulation  will  never  be 
the  same,  either.  There  may  be 
more  regulation.  Or  less.  But  one 
thing  is  clear:  It’ll  be  different. 

And  that  is  a  good  thing  —  even 
if  it’s  not  exactly  the  clarity  that 
VeriSign  is  looking  for.  ©  45201 


FRANK  HAYES,  Computer- 
world's  senior  news  colum¬ 
nist,  has  covered  IT  for  more 
than  20  years.  Contact  him  at 

frank_hayes@computerworld.com. 


The  Care  and  Feeding  of  Users 

Four  or  five  times  a  year,  this  single,  IHpe  female 
user  tearfully  asks  sysadmin  pilot  fish  first  thing  in  the 
morning  to  reset  all  her  passwords.  Fish  always  does 
it,  and  the  user  leaves  smiling.  But  fish  can’t  under¬ 
stand  why  she’s  so  upset  about  a  simple  password  re¬ 
set  -  until  he  finally  mentions  it  to  someone  else  in  the 
office.  “Her  co-worker  explained  that  she  usually  used 
her  boyfriend’s  name  as  a  password,”  fish  says,  “and 
would  want  to  change  it  when  she  had  been  dumped.” 


Not  Her 
Fault, 

Really 

Panicky  user 
can’t  turn  off 
the  laptop  she  has  bor¬ 
rowed,  and  now  she’s 
afraid  she  has  broken  it. 
“There's  no  switch  or  in¬ 
dication  of  on/off  any¬ 
where,”  says  IT  pilot  fish 
who’s  called  to  help.  “Fi¬ 
nally,  we  find  something 
that  says  ‘1/0’  and  press 
it,  but  nothing  happens. 
Another  user  overhears 
our  discussion  and  says, 
‘You  got  the  right  key, 
you  just  have  to  hold  it 
for  10  seconds.  And  if 
you  hold  it  too  long,  it 
turns  back  on  again.’  I 
explain  to  the  user  it’s 
not  her  fault -that  the 
idiots  who  designed  this 
thing  were  jerks.” 

Out  of  Whack 

All  day  long,  this  user 
complains,  his  monitor 
keeps  going  on  and  off. 
After  a  few  weeks  of 
whacking  it  to  get  it 
working  again,  he  calls 
IT  manager  pilot  fish, 
who  investigates  -  and 
figures  it  out.  “Giving  it  a 
whack  shook  the  entire 
desk,”  sighs  fish.  “That 
moved  the  mouse  just 
enough  to  turn  off  the 
screen  saver.  I  disabled 
the  screen  saver  and 
probably  saved  a  moni¬ 
tor,  computer  and  desk 
from  getting  destroyed.” 


Wise 
Choice 

Office  manager 
gets  peeved 
when  the 
;  weather  forecast  on  the 
j  company’s  intranet  is 
j  wrong.  “She  complained 
\  to  me  that  the  CIO  need- 
j  ed  to  make  sure  the 
j  weather  was  reported 
j  correctly,”  says  the  local 
j  IT  support  pilot  fish, 
j  “When  I  said  we  get  the 
\  forecast  from  Weather. - 
j  com  -  it  does  say  this  on 
j  the  Web  site  -  she  re- 
j  sponded  that  it  was  still 
j  the  CIO’s  fault  since  it 
j  was  on  our  Web  site.  But 
j  I  didn’t  bother  forward- 
j  ing  the  complaint  - 
i  knowing  the  CIO  would 
j  take  it  poorly.” 

I  Hey,  If  It  Works, 

{ It  Works 

I  This  user  just  can’t  re- 
i  member  her  password. 

;  “She  would  forget  it  be- 
j  tween  Friday  and  Mon- 
I  day  morning,”  says  sup- 
j  port  pilot  fish.  “She 
j  would  call  and  say  she 
j  couldn’t  log  in.  I  would 
j  ask.  What  is  your  pass- 
I  word?  She  invariably 
j  replied, ‘I  forgot.’ So  I 
j  made  her  password 
j  iforgot.  When  she  called 
j  up  the  next  Monday  I 
j  asked  her  what  her 
j  password  was.  She 
j  replied, ‘I  forgot.’ And 
|  that  was  the  end  of  my 
:  problem.” 


SHARK 

TANKv 


OFEED  THE  SHARK!  Send  your  true  tales  of  U  life  to 
sharky@computerworld.com.  You  snag  a  snazzy 
Shark  shirt  if  we  use  it.  And  check  out  the  daily  feed,  browse 
the  Sharkives  and  sign  up  for  Shark  Tank  home  delivery  at 

computerworld.com/sharky. 
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Johnson  Foundation’s  work  to  prevent  HIV/AIDS  and  address  inner-city  health,  education 
and  social  issues.  Programs  include  scholarships,  mentoring,  new  technology  centers 
and  health-awareness  campaigns.  We’re  proud  to  support  this  deserving  cause.  The  Four 
Seasons  of  Hope.  Because  no  one  should  ever  go  without. 


Please  Join  Samsung,  Best  Buy 
and  Magic  to  help  the  children. 


Samsung’s  Four  Seasons  of  Hope,  Best  Buy  and  the  Magic  Johnson  Foundation  have 
teamed  up  to  make  a  difference  in  the  community.  The  funds  we  raise  benefit  the  Magic 
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You  take  your 
company's 
infrastructure 
security  seriously. 

So  do  we. 


Security  is  a  primary  concern  for  all  of  us.  That's  why  we've  developed  an  array  of  new  tools  and  guidance, 
centralized  at  microsoft.com/security/IT.  It's  a  resource  you  can  turn  to  for  timely  news,  education,  and  tools, 
all  intended  to  help  you  better  plan  and  manage  the  security  strategy  that's  right  for  your  company. 


Take  advantage  of  the  latest  tools  and  training  at  microsoft.com/security/IT. 


►  Free  Security  Training 

i 


Register  for  free  security  management  training, 
including  a  Security  Summit  in  a  city  near  you,  weekly 
security  Webcasts,  and  in-depth  e-learning  designed 
to  help  you  improve  your  security  infrastructure. 

►  Free  Tools  and  Updates 

Streamline  patch  management  with  free  tools 
such  as  Microsoft®  Software  Update  Services. 
Download  software  like  Microsoft  Baseline  Security 
Analyzer  to  verify  that  your  systems  are  configured 
to  maximize  security. 


►  Free  Emergency  Notifications 

Sign  up  to  stay  up-to-date  with  the  latest 
vulnerability  assessments,  mitigation  advice, 
and  patch  availability. 

►  Free  Security  Guidance  Kit 

Evaluate  detailed  guidance  and  templates, 
then  pre-order  your  free  CD-ROM  with  roadmaps 
and  how-to  guides.  Learn  how  measures  like 
automating  security  patch  installation  and 
blocking  unsafe  e-mail  attachments  can  help 
better  protect  your  organization. 
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Go  to  microsoft.com/security/IT 


For  ongoing  guidance  to  help  better  plan  and  manage  your 
company's  IT  security,  go  to  microsoft.com/security/IT  today. 
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